Remote Code Execution Vulnerability in TOTOLINK Networking Devices
CVE-2015-9550

7.5HIGH

Key Information:

Vendor: Totolink
Status: A850r-v1 Firmware
Vendor: CVE Published:; 24 November 2020

What is CVE-2015-9550?

A vulnerability has been discovered in TOTOLINK A850R-V1 and F1-V2 routers, allowing for unauthorized remote access. By sending a specially crafted hel,xasf packet to the WAN interface, malicious actors can gain access to the web management interface, potentially leading to system compromise and unauthorized control over the device. This issue underscores the importance of securing router configurations and monitoring network traffic to prevent exploitations.

References

https://pierrekim.github.io/blog/2015-07-16-backdoor-and-...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 24, 2020
Vulnerability Reserved
Nov 24, 2020

Totolink

What is CVE-2015-9550?

References

CVSS V3.1

Timeline