CVE-2025-52089
published 2025-07-11

Priority: P180 · Severity: high · CVSS 3.1 base score: 8.8
CVSS vector: AV:A / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Flags: ITW · EXPLOIT · VulnCheck KEV (exploited in the wild)
EPSS: 7.06% (93.4th percentile)
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges.

Affected

1 range

Vendor | Product | Version range | Fixed in
totolink | n300rb_firmware | (not given) | (not given)

Detection & IOCs (extracted from sources)

Version: TOTOLINK N300RB firmware 8.54
  • Monitor for exploitation of the hidden remote support/debug interface on TOTOLINK N300RB firmware 8.54, which is protected by a static (hardcoded) secret and allows root OS command execution when triggered by an authenticated user.
  • Refer to the public exploit write-up and PoC at https://0x09.dev/posts/toto_decouvre_une_interface_de_debug/ for specific endpoint paths, parameters, and the static secret used to trigger the hidden debug/remote support interface.
  • The hidden remote support feature is protected by a static (hardcoded) secret; the exact secret value is not disclosed in these sources but is documented in the linked PoC write-up. Detection should focus on unexpected authenticated requests to the debug/remote support endpoint.
  • Exploitation requires prior authentication; unauthenticated access alone is insufficient to trigger the vulnerability.

CVSS provenance

NVD: v3.1 · 8.8 · HIGH · CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck: 8.8 · HIGH