CVE-2025-52089

{"id": "CVE-2025-52089", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-07-11T15:15:24.677", "references": [{"url": "https://0x09.dev/posts/toto_decouvre_une_interface_de_debug/", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges."}, {"lang": "es", "value": "Una funci\u00f3n de soporte remoto oculta protegida por un secreto est\u00e1tico en la versi\u00f3n 8.54 del firmware TOTOLINK N300RB permite que un atacante autenticado ejecute comandos arbitrarios del sistema operativo con privilegios de root."}], "lastModified": "2025-07-19T03:15:22.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:totolink:n300rb_firmware:8.54:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAA4470F-B2BC-4E27-8D30-68F3CA3F5ABA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:totolink:n300rb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F5F9AA3E-143F-4A4E-8CDF-6DEB4F1C9620"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}