CVE-2025-4850 | TOTOLINK N300RH 6.1c.1390_B20191101 /cgi-bin/cstecgi.cgi setUnloadUserData plugin_name command injection

Inserito da Angelo Barbosa | Mag 16, 2025 | CVE

A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name leads to command injection.

This vulnerability is uniquely identified as CVE-2025-4850. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2025-4850 | TOTOLINK N300RH 6.1c.1390_B20191101 /cgi-bin/cstecgi.cgi setUnloadUserData plugin_name command injection

Post correlati

CVE-2024-53764 | SoftHopper Softtemplates for Elementor Plugin up to 1.0.8 on WordPress cross site scripting

CVE-2024-12664 | ruifang-tech Rebuild 3.8.5 Project Task Comment cross site scripting

CVE-2024-50508 | Chetan Khandla Woocommerce Product Design Plugin up to 1.0.0 on WordPress path traversal

CVE-2024-54954 | OneBlog 2.3.6 Template Management Page injection