NeoSense

TOTOLINK N300RB 8.54 - Command Execution

Author: Skander BELABED - Magellan Sécurité
type: hardware
platform: multiple
port: 
date_added: 2025-07-16 
date_updated: 2025-07-16 
verified: 0 
codes: CVE-2025-52089 
tags: 
aliases:  
screenshot_url:  
application_url: 

# Title: TOTOLINK N300RB 8.54 - Command Execution
# Author: Skander BELABED - Magellan Sécurité
# Date: 07/11/2025
# Vendor: TOTOLINK
# Product: N300RB
# Firmware version: 8.54
# CVE: CVE-2025-52089

## Description:
A hidden remote support feature protected by a static secret in TOTOLINK
N300RB firmware version 8.54 allows an authenticated attacker to execute
arbitrary OS commands with root privileges.

# Reproduce:
[href](https://0x09.dev/posts/toto_decouvre_une_interface_de_debug/)