CVE-2025-45800 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2025-45800?

CVE-2025-45800 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK A950RG routers by exploiting improper input validation in the setDeviceName interface. Attackers can gain full control of affected devices, potentially compromising entire networks. All users running the vulnerable firmware version are affected.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK A950RG routers by exploiting improper input validation in the setDeviceName interface. Attackers can gain full control of affected devices, potentially compromising entire networks. All users running the vulnerable firmware version are affected.

💻 Affected Systems

Products:

TOTOLINK A950RG

Versions: V4.1.2cu.5204_B20210112

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: Only this specific firmware version is confirmed vulnerable. Other versions may also be affected but not verified.

📦 What is this software?

A950rg Firmware by Totolink

View all CVEs affecting A950rg Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover leading to network compromise, data exfiltration, lateral movement to other systems, and persistent backdoor installation.

🟠

Likely Case

Router compromise allowing traffic interception, DNS hijacking, credential theft, and use as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access and proper network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to attackers.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The GitHub reference contains detailed exploitation information. This is a classic command injection vulnerability requiring minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check TOTOLINK website for firmware updates. 2. Download latest firmware. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable remote administration

all

Prevent external access to router administration interface

Network segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

Replace affected devices with patched or alternative models
Implement strict network firewall rules blocking all unnecessary access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version matches V4.1.2cu.5204_B20210112, device is vulnerable.

Check Version:

Check router web interface at System Status or similar section for firmware version

Verify Fix Applied:

Verify firmware version has changed from vulnerable version. Test setDeviceName interface with safe payloads to confirm command injection is no longer possible.

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in system logs
Multiple failed authentication attempts to admin interface
Suspicious device name changes

Network Indicators:

Unusual outbound connections from router
Traffic to known malicious IPs
DNS queries to suspicious domains

SIEM Query:

source="router_logs" AND (message="*setDeviceName*" OR message="*deviceMac*" OR message="*command injection*")

📊 Metadata

CVE ID: CVE-2025-45800

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-77

EPSS Score: 0.64% exploit probability (70.1th percentile)

Published: May 2, 2025

Last Updated: June 4, 2025

🔗 References

https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A950RG/5024-setDeviceName-deviceMac-command.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-45800, you might also want to check these: