216.73.217.86

CVE-2025-4850

· Published 18/05/2025 03:15 · Modified 19/05/2025 13:35

Labels: CVE-2025-4850 2025-05-18CVE-2025-4850CWE-74[email protected]

Essential information

Published
18/05/2025 03:15
Modified
19/05/2025 13:35
Author
Creator
CVSS
5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
totolink / n300rh cpe:2.3:h:totolink:n300rh:6.1c.1390:B20191101:*:*:*:*:*:*:*

References