PT-2020-10248 · Totolink+1 · Totolink N301Rt+8

Blazej Adamczyk +1 · Published 2020-01-27 · Updated 2020-02-05 · CVE-2019-19825

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TOTOLINK A3002RU versions 2.0.0 and earlier
TOTOLINK A702R versions 2.1.3 and earlier
TOTOLINK N301RT versions 2.1.6 and earlier
TOTOLINK N302R versions 3.4.0 and earlier
TOTOLINK N300RT versions 3.4.0 and earlier
TOTOLINK N200RE versions 4.0.0 and earlier
TOTOLINK N150RT versions 3.4.0 and earlier
TOTOLINK N100RE versions 3.4.0 and earlier

Description

The issue allows an attacker to bypass the CAPTCHA protection on certain TOTOLINK Realtek SDK based routers. This can be achieved by sending a POST request to the "boafrm/formLogin" URI with a specific topicurl parameter set to "setting/getSanvas", which retrieves the CAPTCHA text. Once valid credentials are obtained, the attacker can perform router actions via HTTP requests using Basic Authentication.

Recommendations

For TOTOLINK A3002RU versions 2.0.0 and earlier, update to a version later than 2.0.0.
For TOTOLINK A702R versions 2.1.3 and earlier, update to a version later than 2.1.3.
For TOTOLINK N301RT versions 2.1.6 and earlier, update to a version later than 2.1.6.
For TOTOLINK N302R versions 3.4.0 and earlier, update to a version later than 3.4.0.
For TOTOLINK N300RT versions 3.4.0 and earlier, update to a version later than 3.4.0.
For TOTOLINK N200RE versions 4.0.0 and earlier, update to a version later than 4.0.0.
For TOTOLINK N150RT versions 3.4.0 and earlier, update to a version later than 3.4.0.
For TOTOLINK N100RE versions 3.4.0 and earlier, update to a version later than 3.4.0.

As a temporary workaround, consider restricting access to the "boafrm/formLogin" URI and disabling Basic Authentication until a patch is available.
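
Detection sketch for the request pattern in the description, added here as an example and not taken from the advisory or the vendor. It assumes a sensor that records full HTTP requests (including bodies) in front of the router, and that topicurl arrives as JSON or form-encoded data; the sample traffic, addresses and the /placeholder path are constructed.

```python
import json
from urllib.parse import parse_qs, urlsplit

LOGIN_PATH = "/boafrm/formLogin"      # URI named in the advisory
CAPTCHA_TOPIC = "setting/getSanvas"   # topicurl value named in the advisory

def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method.upper(), urlsplit(target).path, headers, body

def topicurl_of(body):
    """Read topicurl from a JSON or form-encoded body (encoding is an assumption)."""
    try:
        doc = json.loads(body)
        if isinstance(doc, dict):
            return str(doc.get("topicurl", ""))
    except ValueError:
        pass
    return parse_qs(body).get("topicurl", [""])[0]

def detect(events):
    """events: iterable of (src_ip, raw_request); returns [(src_ip, finding)]."""
    findings, fetched = [], set()
    for src, raw in events:
        method, path, headers, body = parse_request(raw)
        if method == "POST" and path == LOGIN_PATH and topicurl_of(body) == CAPTCHA_TOPIC:
            fetched.add(src)  # this client asked the login handler for the CAPTCHA text
            findings.append((src, "captcha-text-request"))
        elif src in fetched and headers.get("authorization", "").lower().startswith("basic "):
            findings.append((src, "basic-auth-after-captcha-request"))
    return findings

# Constructed sample traffic (documentation address ranges, placeholder paths).
SAMPLE = [
    ("203.0.113.7", "POST /boafrm/formLogin HTTP/1.1\r\nHost: router.example\r\n\r\n" '{"topicurl":"setting/getSanvas"}'),
    ("203.0.113.7", "GET /placeholder HTTP/1.1\r\nAuthorization: Basic Y29uc3RydWN0ZWQ6eA==\r\n\r\n"),
    ("192.0.2.10", "POST /boafrm/formLogin HTTP/1.1\r\nHost: router.example\r\n\r\nfield=constructed"),
    ("192.0.2.10", "GET /placeholder HTTP/1.1\r\nAuthorization: Basic Y29uc3RydWN0ZWQ6eA==\r\n\r\n"),
]

if __name__ == "__main__":
    for src, finding in detect(SAMPLE):
        print(src, finding)
```

Any hit on the first rule from a WAN-side address also indicates that the management interface is reachable from outside, which the workaround above is meant to prevent.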

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2019-19825

Affected Products

Realtek Sdk
Totolink A3002Ru
Totolink A702R
Totolink N100Re
Totolink N150Rt
Totolink N200Re
Totolink N300Rt
Totolink N301Rt
Totolink N302R