CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-48859
https://notcve.org/view.php?id=CVE-2023-48859
TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code. TOTOLINK A3002RU versión 2.0.0-B20190902.1958 tiene un RCE de autenticación posterior debido a un control de acceso incorrecto, permite a los atacantes eludir las restricciones de seguridad del front-end y ejecutar código arbitrario. • https://github.com/xieqiang11/security_research/blob/main/TOTOLINK-A3002RU-RCE.md • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2022-35491
https://notcve.org/view.php?id=CVE-2022-35491
TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample. TOTOLINK A3002RU versión V3.0.0-B20220304.1804, presenta una contraseña embebida para root en el archivo /etc/shadow.sample • https://github.com/1337536723/iot/blob/main/totolink/A3002RU.md • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 0%CPEs: 26EXPL: 1CVE-2020-25499
https://notcve.org/view.php?id=CVE-2020-25499
TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router. TOTOLINK A3002RU-V2.0.0 versión B20190814.1034, permite a usuarios remotos autenticados modificar el "Run Command" del sistema. Un atacante puede usar esta funcionalidad para ejecutar comandos arbitrarios del sistema operativo en el enrutador • https://github.com/kdoos/Vulnerabilities/blob/main/RCE_TOTOLINK-A3002RU-V2 https://www.totolink.net/home/index/newsss/id/196.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-13313 – Admin Password returned in password.htm
https://notcve.org/view.php?id=CVE-2018-13313
In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript contains the current user’s password in plaintext. En TOTOLINK A3002RU versión 1.0.8, el enrutador proporciona una página que permite al usuario cambiar su nombre de cuenta y contraseña. Esta página, password.htm, contiene JavaScript que es utilizado para confirmar que el usuario conozca su contraseña actual antes de permitirle cambiar su contraseña. • https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154 https://www.ise.io/casestudies/sohopelessly-broken-2-0 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 9.0EPSS: 91%CPEs: 16EXPL: 4CVE-2019-19824 – Realtek SDK Information Disclosure / Code Execution
https://notcve.org/view.php?id=CVE-2019-19824
On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0. En determinados enrutadores basados ??en TOTOLINK Realtek SDK, un atacante autenticado puede ejecutar comandos arbitrarios de Sistema Operativo por medio del parámetro sysCmd en el URI boafrm/formSysCmd, inclusive si la GUI (syscmd.htm) no está disponible. • http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html http://seclists.org/fulldisclosure/2020/Jan/36 http://seclists.org/fulldisclosure/2020/Jan/38 https://sploit.tech https://github.com/yckuo-sdc/totolink-boa-api-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •