Vulnerabilities > CVE-2015-9551 - Unspecified vulnerability in Totolink products

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

totolink

critical

NVD

Published: 2020-11-24

Updated: 2020-12-04

Summary

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter.

Vulnerable Configurations

Part	Description	Count
OS	Totolink Totolink A850R V1 Firmware * Totolink F1 V2 Firmware * Totolink F2 V1 Firmware * Totolink N150Rt V2 Firmware * Totolink N151Rt V2 Firmware * Totolink N300Rh V2 Firmware * Totolink N300Rh V3 Firmware * Totolink N300Rt V2 Firmware *	8
Hardware	Totolink Totolink A850R V1 - Totolink F1 V2 - Totolink F2 V1 - Totolink N150Rt V2 - Totolink N151Rt V2 - Totolink N300Rh V2 - Totolink N300Rh V3 - Totolink N300Rt V2 -	8

References

https://pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK-products.html