ID

VAR-202506-1180


CVE

CVE-2025-6299


TITLE

Command injection vulnerability in TOTOLINK N150RT firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-007881

DESCRIPTION

A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to OS command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. An OS command injection vulnerability exists. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK N150RT is a wireless router from China's TOTOLINK Electronics. No detailed vulnerability information is currently available.

Trust: 2.16

sources: NVD: CVE-2025-6299 // JVNDB: JVNDB-2025-007881 // CNVD: CNVD-2025-14222

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-14222

AFFECTED PRODUCTS

vendor: totolink, model: n150rt, scope: eq, version: 3.4.0-b20190525

Trust: 1.0

vendor: totolink, model: n150rt, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: n150rt, scope: -, version: -

Trust: 0.8

vendor: totolink, model: n150rt, scope: eq, version: n150rt firmware 3.4.0-b20190525

Trust: 0.8

vendor: totolink, model: n150rt 3.4.0-b20190525, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-14222 // JVNDB: JVNDB-2025-007881 // NVD: CVE-2025-6299

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-6299
value: LOW

Trust: 1.0

OTHER: JVNDB-2025-007881
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-14222
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-6299
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-007881
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-14222
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-6299
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-007881
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-14222 // JVNDB: JVNDB-2025-007881 // NVD: CVE-2025-6299

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-007881 // NVD: CVE-2025-6299

EXTERNAL IDS

db: NVD, id: CVE-2025-6299

Trust: 3.2

db: VULDB, id: 313299

Trust: 1.8

db: JVNDB, id: JVNDB-2025-007881

Trust: 0.8

db: CNVD, id: CNVD-2025-14222

Trust: 0.6

sources: CNVD: CNVD-2025-14222 // JVNDB: JVNDB-2025-007881 // NVD: CVE-2025-6299

REFERENCES

url:https://docs.google.com/document/d/1meud3wlzpe0hhqam_ar6zx1ndyo29zsk/edit?usp=sharing&ouid=108490350035271792747&rtpof=true&sd=true

Trust: 2.4

url:https://vuldb.com/?id.313299

Trust: 1.8

url:https://vuldb.com/?submit.594650

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://vuldb.com/?ctiid.313299

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-6299

Trust: 0.8

sources: CNVD: CNVD-2025-14222 // JVNDB: JVNDB-2025-007881 // NVD: CVE-2025-6299

SOURCES

db: CNVD, id: CNVD-2025-14222
db: JVNDB, id: JVNDB-2025-007881
db: NVD, id: CVE-2025-6299

LAST UPDATE DATE

2025-07-04T23:50:47.866000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-14222, date: 2025-06-27T00:00:00
db: JVNDB, id: JVNDB-2025-007881, date: 2025-07-03T06:31:00
db: NVD, id: CVE-2025-6299, date: 2025-07-02T18:53:41.497

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-14222, date: 2025-06-27T00:00:00
db: JVNDB, id: JVNDB-2025-007881, date: 2025-07-03T00:00:00
db: NVD, id: CVE-2025-6299, date: 2025-06-20T03:15:28.060