CVE-2025-4851
Published: 18 May 2025
Summary
CVE-2025-4851 is a medium-severity Injection (CWE-74) vulnerability in Totolink N300Rh Firmware. Its CVSS base score is 5.3 (Medium).
Operationally, it is ranked in the top 14.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
A critical command injection vulnerability, tracked as CVE-2025-4851, affects the TOTOLINK N300RH router running firmware version 6.1c.1390_B20191101. The flaw resides in the setUploadUserData function of the /cgi-bin/cstecgi.cgi endpoint, where unsanitized input to the FileName argument allows arbitrary command execution. It is assigned CWE-74 and CWE-77 and carries a CVSS 4.0 score of 5.3.
An authenticated remote attacker can supply a crafted FileName value to the CGI endpoint and execute operating-system commands on the device. Public exploit code has been released, enabling attackers to leverage the issue for unauthorized access or further compromise of the router without requiring user interaction.
The EPSS score remains flat at 0.0241 with no material increase since disclosure. No vendor advisory or patch information is provided in the available references, which include a public proof-of-concept and vulnerability database entries.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-15618
Vulnerability details
A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. This vulnerability affects the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and verifiable flaw remediation corrects them before deployment.
- Anomaly and attack monitoring identifies indicators of injection attacks (command, SQL, LDAP, etc.).