Pre-Auth Remote Command Execution in TOTOLINK Routers
CVE-2025-28034

9.8CRITICAL

Key Information:

Vendor: TOTOLINK
Status: TOTOLINK Routers
Vendor: CVE Published:; 22 April 2025

Summary

Certain TOTOLINK router models are susceptible to a pre-authentication remote command execution vulnerability. This flaw, rooted in the NTPSyncWithHost function, allows attackers to exploit the hostTime parameter. Successful exploitation could enable an unauthorized remote attacker to execute arbitrary commands on vulnerable devices, jeopardizing network security and data integrity.

References

https://locrian-lightning-dc7.notion.site/RCE2-1a98e5e2b1...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2025
Vulnerability Reserved
Mar 11, 2025