ID

VAR-202508-0437


CVE

CVE-2025-8937


TITLE

TOTOLINK N350R Firmware Injection Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-015587

DESCRIPTION

A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The TOTOLINK N350R firmware contains injection and command injection vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK N350R is a WiFi router manufactured by the Chinese company TOTOLINK. An attacker could exploit this vulnerability to inject malicious code, causing the application to crash or behave abnormally.

Trust: 2.16

sources: NVD: CVE-2025-8937 // JVNDB: JVNDB-2025-015587 // CNVD: CNVD-2025-19231

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-19231

AFFECTED PRODUCTS

vendor: totolink, model: n350r, scope: eq, version: 1.2.3-b20130826

Trust: 1.0

vendor: totolink, model: n350r, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: n350r, scope: eq, version: n350r firmware 1.2.3-b20130826

Trust: 0.8

vendor: totolink, model: n350r, scope: -, version: -

Trust: 0.8

vendor: totolink, model: n350r 1.2.3-b20130826, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-19231 // JVNDB: JVNDB-2025-015587 // NVD: CVE-2025-8937

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-8937
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-8937
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-015587
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-19231
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-8937
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-015587
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-19231
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-8937
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-8937
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-015587
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-19231 // JVNDB: JVNDB-2025-015587 // NVD: CVE-2025-8937 // NVD: CVE-2025-8937

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:injection (CWE-74) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-015587 // NVD: CVE-2025-8937

EXTERNAL IDS

db: NVD, id: CVE-2025-8937

Trust: 3.2

db: VULDB, id: 319900

Trust: 1.8

db: JVNDB, id: JVNDB-2025-015587

Trust: 0.8

db: CNVD, id: CNVD-2025-19231

Trust: 0.6

sources: CNVD: CNVD-2025-19231 // JVNDB: JVNDB-2025-015587 // NVD: CVE-2025-8937

REFERENCES

url:https://vuldb.com/?id.319900

Trust: 1.8

url:https://vuldb.com/?submit.631826

Trust: 1.8

url:https://vuldb.com/?submit.631838

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-8937

Trust: 1.4

url:https://vuldb.com/?ctiid.319900

Trust: 1.0

url:https://github.com/rew1x/cve/blob/main/totolink/formsyscmd/formsyscmd.md

Trust: 1.0

url:https://github.com/rew1x/cve/blob/main/totolink/n350r_formsyscmd.pdf

Trust: 1.0

sources: CNVD: CNVD-2025-19231 // JVNDB: JVNDB-2025-015587 // NVD: CVE-2025-8937

SOURCES

db: CNVD, id: CNVD-2025-19231
db: JVNDB, id: JVNDB-2025-015587
db: NVD, id: CVE-2025-8937

LAST UPDATE DATE

2025-10-12T23:08:23.305000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-19231, date: 2025-08-22T00:00:00
db: JVNDB, id: JVNDB-2025-015587, date: 2025-10-09T08:39:00
db: NVD, id: CVE-2025-8937, date: 2025-10-03T18:41:18.650

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-19231, date: 2025-08-21T00:00:00
db: JVNDB, id: JVNDB-2025-015587, date: 2025-10-09T00:00:00
db: NVD, id: CVE-2025-8937, date: 2025-08-14T05:15:27.290