Vulnerabilities > CVE-2015-9550 - Exposure of Resource to Wrong Sphere vulnerability in Totolink products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

totolink

CWE-668

NVD

Published: 2020-11-24

Updated: 2020-12-04

Summary

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface.

Vulnerable Configurations

Part	Description	Count
OS	Totolink Totolink A850R V1 Firmware * Totolink F1 V2 Firmware * Totolink F2 V1 Firmware * Totolink N150Rt V2 Firmware * Totolink N151Rt V2 Firmware * Totolink N300Rh V2 Firmware * Totolink N300Rh V3 Firmware * Totolink N300Rt V2 Firmware *	8
Hardware	Totolink Totolink A850R V1 - Totolink F1 V2 - Totolink F2 V1 - Totolink N150Rt V2 - Totolink N151Rt V2 - Totolink N300Rh V2 - Totolink N300Rh V3 - Totolink N300Rt V2 -	8

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK-products.html