CVE-2025-52089
Published 2025-07-11
CVE-2025-52089: A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS…
Priority P180 · high · 8.8 (CVSS 3.1)
AV:A / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW · Exploit · VulnCheck KEV
Exploited in the wild
EPSS: 7.06% (93.4th percentile)
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| totolink | n300rb_firmware | — | — |
Detection & IOCs (extracted from sources)
- Monitor for exploitation of the hidden remote support/debug interface on TOTOLINK N300RB firmware 8.54, which is protected by a static (hardcoded) secret and allows root OS command execution when triggered by an authenticated user.
- Refer to the public exploit write-up and PoC at https://0x09.dev/posts/toto_decouvre_une_interface_de_debug/ for specific endpoint paths, parameters, and the static secret used to trigger the hidden debug/remote support interface.
- The hidden remote support feature is protected by a static (hardcoded) secret; the exact secret value is not disclosed in these sources but is documented in the linked PoC write-up. Detection should focus on unexpected authenticated requests to the debug/remote support endpoint.
- Exploitation requires prior authentication; unauthenticated access alone is insufficient to trigger the vulnerability.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | — | 8.8 | HIGH | — |
GHSA
GHSA-qq76-g6vx-4jqg · ghsa_unreviewed · 2025-07-11 · CVE-2025-52089 [MEDIUM] · CWE-306
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges.
VulnCheck
CVE-2025-52089 [HIGH] · vulncheck · 2025 · CVSS 8.8
totolink n300rb_firmware Missing Authentication for Critical Function
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges.
Affected: totolink n300rb_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.bitsight.com/blog/rondodox-botnet-infrastructure-analysis
No detection rules found.
No writeups or analysis indexed.
Timeline: 2025-07-11 Published · Exploited in the wild