CVE-2025-4850 | TOTOLINK N300RH 6.1c.1390_B20191101 /cgi-bin/cstecgi.cgi setUnloadUserData plugin_name command injection

A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name leads to command injection.

This vulnerability is uniquely identified as CVE-2025-4850. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.VulDB Recent EntriesRead More