Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-52089

A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges.

Published

2025-07-11T15:15:24.677

Last Modified

2025-07-19T03:15:22.727

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	totolink	n300rb_firmware	8.54	Yes
Hardware	totolink	n300rb	-	No

References

https://0x09.dev/posts/toto_decouvre_une_interface_de_debug/ Exploit, Third Party Advisory ([email protected])