TOTOLINK N300RB 8.54 - Command Execution

Author: Skander BELABED - Magellan Sécurité
type: hardware
platform: multiple
port: 
date_added: 2025-07-16  
date_updated: 2025-07-16  
verified: 0  
codes: CVE-2025-52089  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 52363.txt  
# Title: TOTOLINK N300RB 8.54 - Command Execution
# Author: Skander BELABED - Magellan Sécurité
# Date: 07/11/2025
# Vendor: TOTOLINK
# Product: N300RB
# Firmware version: 8.54
# CVE: CVE-2025-52089

## Description:
A hidden remote support feature protected by a static secret in TOTOLINK
N300RB firmware version 8.54 allows an authenticated attacker to execute
arbitrary OS commands with root privileges.

## Reproduce:
https://0x09.dev/posts/toto_decouvre_une_interface_de_debug/