PT-2020-7922 · Totolink · Totolink A850R-V1 +1

Alexandre Torres +2 · Published 2020-11-24 · Updated 2020-12-04 · CVE-2015-9551

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: TOTOLINK A850R-V1 versions 1.0.1-B20150707.1612 and earlier; TOTOLINK F1-V2 versions 1.1-B20150708.1646 and earlier
Description: An issue was discovered in the management interface of the affected devices, allowing Remote Code Execution via the sysCmd parameter in the formSysCmd interface.
Recommendations: For TOTOLINK A850R-V1 versions 1.0.1-B20150707.1612 and earlier, consider disabling the formSysCmd interface until a patch is available. For TOTOLINK F1-V2 versions 1.1-B20150708.1646 and earlier, restrict access to the management interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2015-9551

Affected Products

Totolink A850R-V1
Totolink F1-V2