9.8

CVE-2019-19825

Exploit

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform router actions via HTTP requests with Basic Authentication.) This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.

Data is provided by the National Vulnerability Database (NVD)
TotolinkA3002ru Firmware Version <= 2.0.0
   TotolinkA3002ru Version-
TotolinkA702r Firmware Version <= 2.1.3
   TotolinkA702r Version-
TotolinkN301rt Firmware Version <= 2.1.6
   TotolinkN301rt Version-
TotolinkN302r Firmware Version <= 3.4.0
   TotolinkN302r Version-
TotolinkN300rt Firmware Version <= 3.4.0
   TotolinkN300rt Version-
TotolinkN200re Firmware Version <= 4.0.0
   TotolinkN200re Version-
TotolinkN150rt Firmware Version <= 3.4.0
   TotolinkN150rt Version-
TotolinkN100re Firmware Version <= 3.4.0
   TotolinkN100re Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.62% 0.69
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://seclists.org/fulldisclosure/2020/Jan/36
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2020/Jan/38
Third Party Advisory
Mailing List
https://sploit.tech
Third Party Advisory
Exploit