QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34319

Published: Dec 3, 2025

Modified: May 14, 2026

PUBLISHED

Description

TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter.

Vendor	Product	Versions
TOTOLINK	N300RT	affected `0 - < V3.4.0-B20250430`

Weaknesses (CWE)

References

https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/154/ids/36.html

patch

https://totolink.tw/support_view/N300RT

product

https://www.vulncheck.com/advisories/totolink-n300rt-boa-formwsc-rce

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.