Cyber Posture

CVE-2025-51390

CriticalPublic PoCRCE

Published: 04 August 2025

Published
04 August 2025
Modified
15 August 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0243 85.2th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-51390 is a critical-severity OS Command Injection (CWE-78) vulnerability in Totolink N600R Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 14.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly prevents command injection by enforcing validation of the untrusted pin parameter in the setWiFiWpsConfig function.

SI-2 Flaw Remediation good match
prevent

Remediates the specific command injection flaw through timely identification, reporting, and patching of the vulnerable firmware.

CM-7 Least Functionality partial match
prevent

Mitigates exposure by disabling or restricting the non-essential WPS configuration functionality that hosts the vulnerable endpoint.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059.008 Network Device CLI Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.
attack.mitre.org →
Why these techniques?

Command injection via web interface parameter enables exploitation of public-facing application (T1190) and arbitrary command execution on network device CLI (T1059.008).

NVD Description

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function.

Deeper analysisAI

CVE-2025-51390 is a command injection vulnerability (CWE-78) affecting the TOTOLINK N600R router running firmware version V4.3.0cu.7647_B20210106. The issue resides in the setWiFiWpsConfig function, where the pin parameter allows injection of arbitrary commands.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely over the network with low attack complexity, requiring no authentication, privileges, or user interaction. Successful exploitation enables unauthenticated attackers to execute arbitrary commands on the device, potentially resulting in high-impact compromise of confidentiality, integrity, and availability, such as full router takeover.

Advisories and additional technical details, including potential proof-of-concept information, are referenced at http://totolink.com and GitHub locations such as https://github.com/Luanruy/qianxin/blob/main/CVE-2025-51390.md, https://github.com/Luanruy/qianxin/blob/main/overflow-0x41ca08.md, and https://github.com/Luanruy/qianxin/blob/main/CVE-2025-51390.md. The CVE was published on 2025-08-04T18:15:34.927.

Details

CWE(s)
CWE-78

Affected Products

totolink
n600r firmware
4.3.0cu.7647_b20210106

CVEs Like This One

CVE-2025-9935Same product: Totolink N600R
CVE-2025-11444Same product: Totolink N600R
CVE-2025-25579Same vendor: Totolink
CVE-2024-57017Same vendor: Totolink
CVE-2026-31178Same vendor: Totolink
CVE-2025-11005Same vendor: Totolink
CVE-2026-31181Same vendor: Totolink
CVE-2025-52906Same vendor: Totolink
CVE-2026-31177Same vendor: Totolink
CVE-2026-4497Same vendor: Totolink

References