CVE-2025-45798: n/a
A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter.
AI Analysis
Technical Summary
CVE-2025-45798 is a command execution vulnerability identified in the TOTOLINK A950RG router firmware version V4.1.2cu.5204_B20210112. The flaw resides in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in how it processes the IpTo parameter. This vulnerability is categorized under CWE-77, which relates to improper neutralization of special elements used in a command ('Command Injection'). An attacker can exploit this vulnerability remotely over the network (AV:N), without requiring any privileges (PR:N) or user interaction (UI:N). The vulnerability allows an attacker to inject and execute arbitrary commands on the affected device, potentially leading to unauthorized control or manipulation of the router. The CVSS v3.1 base score is 6.5, indicating a medium severity level, with impacts primarily on confidentiality and integrity, but not availability. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability's scope is unchanged (S:U), meaning the impact is limited to the vulnerable component without affecting other system components. The lack of authentication requirements and remote exploitability increases the risk profile for exposed devices. TOTOLINK routers are commonly used in small office/home office (SOHO) environments, and this vulnerability could be leveraged to compromise network traffic or pivot into internal networks if exploited.
Potential Impact
For European organizations, especially small businesses and home users relying on TOTOLINK A950RG routers, this vulnerability poses a significant risk. Exploitation could lead to unauthorized command execution on routers, enabling attackers to intercept, modify, or redirect network traffic, potentially compromising sensitive data confidentiality and integrity. This could facilitate further attacks such as man-in-the-middle, data exfiltration, or network reconnaissance. Given the router's role as a network gateway, successful exploitation could undermine the security posture of connected devices and internal networks. Although the vulnerability does not directly impact availability, the loss of confidentiality and integrity can have serious consequences, including regulatory non-compliance under GDPR if personal data is exposed. The absence of authentication and user interaction requirements means that attackers can exploit this remotely without user awareness, increasing the likelihood of attacks against exposed devices. European organizations with remote or unmanaged network devices are particularly vulnerable if these routers are deployed without adequate network segmentation or monitoring.
Mitigation Recommendations
Immediate mitigation steps include isolating TOTOLINK A950RG routers from direct internet exposure by placing them behind firewalls or VPNs to restrict access to the vulnerable interface. Network administrators should disable or restrict access to the setNoticeCfg interface if possible. Monitoring network traffic for unusual commands or anomalies related to the IpTo parameter can help detect exploitation attempts. Since no official patches are currently available, organizations should engage with TOTOLINK support channels to obtain firmware updates or advisories. As a longer-term measure, consider replacing vulnerable devices with routers from vendors with robust security update policies. Implement network segmentation to limit the impact of compromised devices and enforce strict access controls on management interfaces. Regularly audit router configurations and firmware versions to ensure compliance with security best practices. Employ intrusion detection/prevention systems (IDS/IPS) to identify and block exploitation attempts targeting this vulnerability.
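The CWE-77 root cause described in the technical summary and the IpTo monitoring advice above both come down to the same check: a parameter meant to carry an IP address must match an allow-list shape before it goes anywhere near a command. The added example below (not code from the advisory or from TOTOLINK firmware) shows that strict validator and runs it over constructed web-server log lines to flag setNoticeCfg requests whose IpTo is not a plain dotted-quad; the log format and the way IpTo appears as a query parameter are assumptions, not details from the page.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Allow-list shape for one dotted-quad IPv4 address: four decimal octets 0-255.
# Anything else (shell metacharacters, whitespace, quotes, extra octets) is
# rejected outright rather than "sanitised", which is the CWE-77 fix pattern.
_OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
_IPV4_RE = re.compile(rf"{_OCTET}(?:\.{_OCTET}){{3}}")


def is_strict_ipv4(value: str) -> bool:
    """True only if value is exactly one IPv4 address and nothing more."""
    return _IPV4_RE.fullmatch(value) is not None


def flag_suspicious_requests(log_lines):
    """Return (line, IpTo value) pairs for setNoticeCfg requests whose IpTo
    fails the strict IPv4 check.

    Assumed (not from the advisory): lines look like
    '<client> - "<METHOD> <path>?<query>"' and setNoticeCfg is the request path.
    """
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) ([^"\s]+)', line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("setNoticeCfg"):
            continue
        for ip_to in parse_qs(url.query, keep_blank_values=True).get("IpTo", []):
            if not is_strict_ipv4(ip_to):
                hits.append((line, ip_to))
    return hits


# Constructed sample log: one benign request, one with a shell metacharacter
# smuggled into IpTo, one out-of-range octet, and one unrelated request.
SAMPLE_LOG = [
    '10.0.0.5 - "POST /setNoticeCfg?IpTo=192.168.1.20"',
    '10.0.0.9 - "POST /setNoticeCfg?IpTo=192.168.1.20%3Bx"',
    '10.0.0.7 - "GET /setNoticeCfg?IpTo=999.1.1.1"',
    '10.0.0.8 - "GET /status"',
]

if __name__ == "__main__":
    for line, value in flag_suspicious_requests(SAMPLE_LOG):
        print(f"suspicious IpTo={value!r} in: {line}")
```

The same `is_strict_ipv4` test is what a firmware-side fix would apply before the parameter is used; on the detection side it produces an alert only for values that could never be a legitimate address.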
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-04-22T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9816c4522896dcbd6a47
Added to database: 5/21/2025, 9:08:38 AM
Last enriched: 7/12/2025, 3:16:55 AM
Last updated: 7/30/2025, 3:22:35 AM