CVE-2025-8938
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-14
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | n350r_firmware | 1.2.3-b20130826 |
| totolink | n350r | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-912 | The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the TOTOLINK N350R router, specifically in the Telnet Service component's formSysTel function. By manipulating the TelEnabled argument, an attacker can create a backdoor, potentially allowing unauthorized remote access to the device.
How can this vulnerability impact me? :
The vulnerability can allow a remote attacker to gain unauthorized access to the affected device through a backdoor. This could lead to compromise of the device, unauthorized control, data interception, or further attacks on the network.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70