N300rb Firmware CVE-2025-52089

EUVD-2025-21164 | HIGH
Missing Authentication for Critical Function (CWE-306)
2025-07-11, cve@mitre.org
CVSS 3.1: 8.8

CVSS Vector (NVD)

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Mar 16, 2026 - 08:17 (euvd), EUVD-2025-21164
Analysis Generated: Mar 16, 2026 - 08:17 (vuln.today)
PoC Detected: Jul 19, 2025 - 03:15 (vuln.today), public exploit code
CVE Published: Jul 11, 2025 - 15:15 (nvd), HIGH 8.8

Description (NVD)

A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges.

Analysis (AI)

CVE-2025-52089 is a critical remote code execution vulnerability in TOTOLINK N300RB firmware version 8.54, where a hidden remote support feature protected only by a static secret allows authenticated attackers to execute arbitrary OS commands with root privileges. While the CVSS 3.1 score of 8.8 reflects high severity, the attack vector is adjacent network (AV:A), limiting widespread exploitation to network-adjacent attackers. The vulnerability has not been publicly confirmed as actively exploited or included in CISA's Known Exploited Vulnerabilities (KEV) catalog, but the simplistic authentication mechanism (static secret) and hidden feature design suggest high exploitability once discovered.

Technical Context (AI)

The vulnerability resides in a covert remote support functionality within the TOTOLINK N300RB router firmware (version 8.54), likely implemented as an undocumented service or management interface. The root cause is classified under CWE-306 (Missing Authentication for Critical Function), indicating the feature relies solely on a static, hardcoded secret rather than proper authentication mechanisms. This is compounded by security through obscurity: the feature's existence is not documented, making it discoverable only through reverse engineering or credential compromise. The vulnerability affects network-attached devices (CPE likely: cpe:2.3:h:totolink:n300rb:*:*:*:*:*:*:*:* or equivalent firmware CPE), which typically operate as residential or small-business gateway devices. The static secret authentication bypass, combined with OS command execution capability, suggests the feature may expose shell command injection or parameter tampering vulnerabilities in the management interface.

Remediation (AI)

Immediate remediation:
(1) Update the TOTOLINK N300RB firmware to the latest available version released after 8.54; check TOTOLINK's official firmware download page, or contact the ISP if the device is ISP-managed.
(2) If a firmware update is unavailable, isolate the device from untrusted network segments (disable guest networks, restrict administrative access, implement network ACLs to limit device accessibility).
(3) Change any default credentials and disable remote management features if they are accessible via the user interface.

Long-term:
(1) Monitor TOTOLINK's security advisories and firmware release notes for patches addressing CVE-2025-52089.
(2) Consider device replacement if the vendor ceases support.
(3) Implement network segmentation to restrict lateral movement if the device is compromised (device on an isolated IoT VLAN with egress filtering).

Workarounds: No effective workaround exists without a firmware update, given the static secret authentication and hidden feature design; the vulnerability is inherent to the firmware version.
