Vulnerabilities > CVE-2015-9551 - Unspecified vulnerability in Totolink products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

totolink

critical

NVD

Published: 2020-11-24

Updated: 2024-11-21

Summary

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter.

Vulnerable Configurations

Part	Description	Count
OS	Totolink Totolink A850R V1 Firmware * Totolink F1 V2 Firmware * Totolink F2 V1 Firmware * Totolink N150Rt V2 Firmware * Totolink N151Rt V2 Firmware * Totolink N300Rh V2 Firmware * Totolink N300Rh V3 Firmware * Totolink N300Rt V2 Firmware *	8
Hardware	Totolink Totolink A850R V1 - Totolink F1 V2 - Totolink F2 V1 - Totolink N150Rt V2 - Totolink N151Rt V2 - Totolink N300Rh V2 - Totolink N300Rh V3 - Totolink N300Rt V2 -	8

Summary

Vulnerable Configurations

References