CVSS: 9.0EPSS: 0%CPEs: 26EXPL: 1CVE-2020-25499
https://notcve.org/view.php?id=CVE-2020-25499
TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router. TOTOLINK A3002RU-V2.0.0 versión B20190814.1034, permite a usuarios remotos autenticados modificar el "Run Command" del sistema. Un atacante puede usar esta funcionalidad para ejecutar comandos arbitrarios del sistema operativo en el enrutador • https://github.com/kdoos/Vulnerabilities/blob/main/RCE_TOTOLINK-A3002RU-V2 https://www.totolink.net/home/index/newsss/id/196.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 1CVE-2015-9550
https://notcve.org/view.php?id=CVE-2015-9550
An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface. Se detectó un problema en los dispositivos TOTOLINK A850R-V1 versiones hasta 1.0.1-B20150707.1612 y F1-V2 versiones hasta 1.1-B20150708.1646. Mediante el envío de un paquete hel,xasf específico hacia la interfaz WAN, es posible abrir la interfaz de administración web sobre la interfaz WAN • https://pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK-products.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 10.0EPSS: 1%CPEs: 16EXPL: 1CVE-2015-9551
https://notcve.org/view.php?id=CVE-2015-9551
An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter. Se detectó un problema en los dispositivos TOTOLINK A850R-V1 versiones hasta 1.0.1-B20150707.1612 y F1-V2 versiones hasta 1.1-B20150708.1646. Se presenta una Ejecución de Código Remota en la interfaz de administración por medio del parámetro formSysCmd sysCmd • https://pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK-products.html •
CVSS: 9.0EPSS: 91%CPEs: 16EXPL: 4CVE-2019-19824 – Realtek SDK Information Disclosure / Code Execution
https://notcve.org/view.php?id=CVE-2019-19824
On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0. En determinados enrutadores basados ??en TOTOLINK Realtek SDK, un atacante autenticado puede ejecutar comandos arbitrarios de Sistema Operativo por medio del parámetro sysCmd en el URI boafrm/formSysCmd, inclusive si la GUI (syscmd.htm) no está disponible. • http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html http://seclists.org/fulldisclosure/2020/Jan/36 http://seclists.org/fulldisclosure/2020/Jan/38 https://sploit.tech https://github.com/yckuo-sdc/totolink-boa-api-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 1CVE-2019-19825 – Realtek SDK Information Disclosure / Code Execution
https://notcve.org/view.php?id=CVE-2019-19825
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform router actions via HTTP requests with Basic Authentication.) This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0. En determinados enrutadores basados ?? • http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html http://seclists.org/fulldisclosure/2020/Jan/36 http://seclists.org/fulldisclosure/2020/Jan/38 https://sploit.tech • CWE-287: Improper Authentication •