9

CVE-2019-19824

Exploit

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, N100RE through 3.4.0, and N302RE 2.0.2.

Data is provided by the National Vulnerability Database (NVD)
TotolinkA3002ru Firmware Version <= 2.0.0
   TotolinkA3002ru Version-
TotolinkA702r Firmware Version <= 2.1.3
   TotolinkA702r Version-
TotolinkN301rt Firmware Version <= 2.1.6
   TotolinkN301rt Version-
TotolinkN302r Firmware Version <= 3.4.0
   TotolinkN302r Version-
TotolinkN300rt Firmware Version <= 3.4.0
   TotolinkN300rt Version-
TotolinkN200re Firmware Version <= 4.0.0
   TotolinkN200re Version-
TotolinkN150rt Firmware Version <= 3.4.0
   TotolinkN150rt Version-
TotolinkN100re Firmware Version <= 3.4.0
   TotolinkN100re Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 93.67% 0.998
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

http://seclists.org/fulldisclosure/2020/Jan/36
Third Party Advisory
Exploit
Mailing List
http://seclists.org/fulldisclosure/2020/Jan/38
Third Party Advisory
Exploit
Mailing List
https://sploit.tech
Third Party Advisory
Exploit