CVE-2025-34319 CRITICAL

CVE-2025-34319: TOTOLINK N300RT <= V2.1.8-B20201030.1539 Boa formWsc RCE

Vendor Totolink

Product N300RT

Weakness CWE-78

Published December 3, 2025

Last update May 14, 2026

View on NVD All CVEs

CVSS base score

9.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter.

Key dates

02Disclosure timeline

December 3, 2025 CVE published

May 14, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-34319

Related vulnerabilities

CVE-2025-34319: TOTOLINK N300RT <= V2.1.8-B20201030.1539 Boa formWsc RCE

01Description

02Disclosure timeline

03References

04Related CVE