CVE-2025-4850 | TOTOLINK N300RH 6.1c.1390_B20191101 /cgi-bin/cstecgi.cgi setUnloadUserData plugin_name command injection

Inserito da Angelo Barbosa | Mag 16, 2025 | CVE

A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name leads to command injection.

This vulnerability is uniquely identified as CVE-2025-4850. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2025-4850 | TOTOLINK N300RH 6.1c.1390_B20191101 /cgi-bin/cstecgi.cgi setUnloadUserData plugin_name command injection

Post correlati

CVE-2023-45481 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn SetFirewallCfg firewallEn stack-based overflow

CVE-2024-49223 | Shibu Lijack CJ Change Howdy Plugin up to 3.3.1 on WordPress cross-site request forgery

CVE-2023-50703 | EFACEC UC 500 10.1.0 cleartext transmission (icsa-23-353-03)

CVE-2024-1807 | Product Sort and Display for WooCommerce Plugin up to 2.4.1 on WordPress authorization