CVE-2025-51390
CriticalCVSS 9.8Exploitation Probability (EPSS)
High risk76th percentile - higher than 76% of all known CVEs
Summary
A command injection vulnerability was discovered in the TOTOLINK N600R router running firmware version V4.3.0cu.7647_B20210106. The issue resides in the setWiFiWpsConfig function via the pin parameter.
Risk Assessment
An attacker can remotely execute arbitrary system commands on the device, leading to full compromise of the router and potential network takeover.
Recommendation
Immediately update the TOTOLINK N600R firmware to the latest available version. If no update is available, restrict administrative access to trusted networks only.
Original NVD description (English source)
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function.

