CVE-2025-4851 | TOTOLINK N300RH 6.1c.1390_B20191101 /cgi-bin/cstecgi.cgi setUploadUserData FileName command injection

Inserito da Angelo Barbosa | Mag 16, 2025 | CVE

A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. This vulnerability affects the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection.

This vulnerability was named CVE-2025-4851. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2025-4851 | TOTOLINK N300RH 6.1c.1390_B20191101 /cgi-bin/cstecgi.cgi setUploadUserData FileName command injection

Post correlati

CVE-2024-7944 | itsourcecode Laravel Property Management System 1.0 DocumentsController.php UpdateDocumentsRequest unrestricted upload

CVE-2024-45340 | Google Go 1.24.0-rc1 cmd-go insertion of sensitive information into sent data

CVE-2024-3421 | SourceCodester Online Courseware 1.0 admin/deactivatestud.php selector sql injection

CVE-2023-43553 | Qualcomm Snapdragon MLIE memory corruption