PT-2020-16101 · Totolink · Totolink A3002Ru
Published 2020-12-09 · Updated 2025-01-23 · CVE-2020-25499
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
TOTOLINK A3002RU version 2.0.0 B20190814.1034
Description
The issue allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.
Recommendations
For TOTOLINK A3002RU version 2.0.0 B20190814.1034, consider disabling the 'Run Command' functionality until a patch is available to prevent the execution of arbitrary OS commands. Restrict access to the router to minimize the risk of exploitation.
Exploit
Fix
Missing Authorization
OS Command Injection
Related Identifiers
Affected Products
Totolink A3002Ru