How to fix CVE-2025-34319?

Within 24 hours: Identify all TOTOLINK N300RT routers in your environment and their firmware versions; isolate affected devices from critical network segments if possible. Within 7 days: Implement network-based mitigations including WAF rules blocking malicious targetAPSsid parameters and disabling remote management access; contact TOTOLINK for patch availability status. Within 30 days: Deploy replacement routers from alternate vendors or apply vendor patch immediately upon release; conduct network forensics for signs of compromise.

Is Command Injection affected by CVE-2025-34319?

A critical unauthenticated remote code execution vulnerability affecting TOTOLIK N300RT wireless routers (firmware versions prior to V3.4.0-B20250430) allows attackers to execute arbitrary commands without authentication.

CVE-2025-34319

EUVD-2025-201000 CRITICAL

2025-12-03 [email protected]

9.3

CVSS 4.0

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:14 euvd

EUVD-2025-201000

Analysis Generated

Mar 15, 2026 - 16:14 vuln.today

CVE Published

Dec 03, 2025 - 17:15 nvd

CRITICAL 9.3

Description

TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter.

Analysis

Technical Context

Command injection allows an attacker to execute arbitrary OS commands on the host system through a vulnerable application that passes user input to system shells. This vulnerability is classified as OS Command Injection (CWE-78).

Affected Products

Affected: V2

Remediation

Avoid passing user input to system commands. Use language-specific APIs instead of shell commands. If unavoidable, use strict input validation and escaping.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +3.4

CVSS: +46

POC: 0

CVE-2025-34319 vulnerability details – vuln.today

Back

CVE-2025-34319

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-34319

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code