CVE-2025-7154
BaseFortify

Publication date: 2025-07-08

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability, which was classified as critical, has been found in TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216. Affected by this issue is the function sub_41A0F8 of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Meta Information
Published: 2025-07-08
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-07-08
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 4 associated CPEs

| Vendor | Product | Version / Range |
| totolink | n200re_firmware | 9.3.5u.6095_b20200916 |
| totolink | n200re | * |
| totolink | n200re_firmware | 9.3.5u.6139_b20201216 |
| totolink | n200re | * |
| CWE ID | Description |
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-7154 is a critical OS command injection vulnerability in the TOTOLINK N200RE router firmware versions 9.3.5u.6095_B20200916 and 9.3.5u.6139_B20201216. It occurs in the function sub_41A0F8 within the file /cgi-bin/cstecgi.cgi, where improper handling of the 'Hostname' argument allows an attacker to inject and execute arbitrary operating system commands remotely. This means an attacker can run commands on the device without proper authorization, potentially taking control of it. [1, 2]


How can this vulnerability impact me?

This vulnerability can impact you by allowing an attacker to remotely execute arbitrary commands on your TOTOLINK N200RE router, potentially compromising the confidentiality, integrity, and availability of the device. This could lead to unauthorized access, control over the router, disruption of network services, or further attacks on connected systems. Exploitation is easy and does not require authentication. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for suspicious requests to the endpoint /cgi-bin/cstecgi.cgi that include the Hostname parameter, especially those containing unusual or special characters indicative of command injection attempts. Since a proof-of-concept exploit is publicly available, you can test the device by sending crafted HTTP requests targeting the Hostname parameter to check for command execution. Specific commands are not provided in the resources, but network monitoring tools or web application firewalls can be configured to alert on such suspicious requests. [2, 1]
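
The monitoring described above can be sketched as an allow-list check, shown here as an added example that is not part of the advisory or of any vendor tooling. It assumes the request body has already been captured by a proxy or WAF and is either JSON or form-encoded (the page does not describe the request format); the sample requests are constructed.

```python
import json
import re
from urllib.parse import parse_qs

ENDPOINT = "/cgi-bin/cstecgi.cgi"  # path named in the advisory
PARAM = "hostname"                 # argument named in the advisory, matched case-insensitively
# Allow-list: RFC 1123-style hostname (letters, digits, hyphens, dot-separated labels).
VALID_HOSTNAME = re.compile(
    r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*"
)


def extract_hostnames(body: str) -> list[str]:
    """Return every Hostname value in a JSON object or form-encoded body (assumed formats)."""
    found = []
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if isinstance(doc, dict):
        found += [str(v) for k, v in doc.items() if k.lower() == PARAM]
    else:
        # parse_qs also percent-decodes, so encoded metacharacters are seen in the clear.
        for key, values in parse_qs(body, keep_blank_values=True).items():
            if key.lower() == PARAM:
                found += values
    return found


def is_suspicious(path: str, body: str) -> bool:
    """True when a request to the CGI endpoint carries a Hostname that is not a plain hostname."""
    if path.split("?", 1)[0] != ENDPOINT:
        return False
    return any(not VALID_HOSTNAME.fullmatch(v) for v in extract_hostnames(body))


# Constructed sample requests (path, body); not captured traffic.
SAMPLES = [
    ("/cgi-bin/cstecgi.cgi", '{"Hostname": "office-router"}'),
    ("/cgi-bin/cstecgi.cgi", '{"Hostname": "office-router;x"}'),
    ("/cgi-bin/cstecgi.cgi", "Hostname=lab%24%28x%29"),
    ("/index.html", '{"Hostname": "a|b"}'),
]

if __name__ == "__main__":
    for path, body in SAMPLES:
        print("ALERT" if is_suspicious(path, body) else "ok   ", path, body)
```

Checking against what a hostname may contain, rather than listing known-bad characters, also flags encodings and separators a deny-list would miss.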


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include replacing the affected TOTOLINK N200RE device with an alternative product, as no known mitigations or countermeasures have been reported. Additionally, restricting remote access to the device's management interface and monitoring for exploitation attempts can help reduce risk until replacement is possible. [2]

