CVE-2025-4849 | TOTOLINK N300RH 6.1c.1390_B20191101 /cgi-bin/cstecgi.cgi CloudACMunualUpdateUserdata url command injection

Inserito da Angelo Barbosa | Mag 16, 2025 | CVE

A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been rated as critical. Affected by this issue is the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to command injection.

This vulnerability is handled as CVE-2025-4849. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2025-4849 | TOTOLINK N300RH 6.1c.1390_B20191101 /cgi-bin/cstecgi.cgi CloudACMunualUpdateUserdata url command injection

Post correlati

CVE-2024-26705 | Linux Kernel up to 6.6.17/6.7.5 parisc btlb_info denial of service (54944f45470a/aa52be552766/913b9d443a01)

CVE-2025-47525 | boldthemes Bold Page Builder Plugin up to 5.3.0 on WordPress cross site scripting

CVE-2025-37747 | Linux Kernel up to 6.12.23/6.13.11/6.14.2/6.15-rc1 perf_event_overflow reference count

CVE-2024-7026 | Teknogis Informatics Closed Circuit Vehicle Tracking Software up to 21.11.2024 sql injection