[hardware] TOTOLINK N300RB 8.54 - Command Execution
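TOTOLINK N300RB firmware 8.54 contains a hidden remote support feature vulnerability; an attacker can use a static secret to execute arbitrary OS commands and obtain root privileges. 2025-7-16 00:0:0 Author: www.exploit-db.com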

# Title: TOTOLINK N300RB 8.54 - Command Execution
# Author: Skander BELABED - Magellan Sécurité
# Date: 07/11/2025
# Vendor: TOTOLINK
# Product: N300RB
# Firmware version: 8.54
# CVE: CVE-2025-52089

## Description:
A hidden remote support feature protected by a static secret in TOTOLINK
N300RB firmware version 8.54 allows an authenticated attacker to execute
arbitrary OS commands with root privileges.

# Reproduce:
https://0x09.dev/posts/toto_decouvre_une_interface_de_debug/

Source: https://www.exploit-db.com/exploits/52363