CVE-2025-3987 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-3987 PUBLISHED CVSS 5.300000190734863 MEDIUM

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

EPSS 8.89% · 92.5th percentile

Risk Scores

CVSS v4.0

5.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS Score

8.89%

92.5th percentile

Affected Products

Vendor	Product	Versions
TOTOLINK	N150RT	3.4.0-B20190525
totolink	n150rt_firmware	3.4.0-b20190525

Timeline

Apr 27, 2025 CVE Published
Apr 28, 2025 EPSS Score
Apr 28, 2025 PoC Published
May 1, 2025 EPSS Score
May 7, 2025 CVE Updated
May 8, 2025 PoC Published
May 8, 2025 EPSS Score
May 9, 2025 EPSS Score
May 15, 2025 EPSS Score
May 21, 2025 EPSS Score
Jun 1, 2025 EPSS Score
Jun 13, 2025 EPSS Score

References

VDB-306323 | TOTOLINK N150RT formWsc command injection vdb
VDB-306323 | CTI Indicators (IOB, IOC, TTP, IOA) url
Submit #557938 | TOTOLINK N150RT V3.4.0-B20190525 Command Injection third-party-advisory
https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/RCE_formWsc exploit
https://www.totolink.net/ url
https://nvd.nist.gov/vuln/detail/CVE-2025-3987 advisory
https://www.totolink.net url

Open in Interactive Console →