Remote Code Execution Vulnerability in TOTOLINK A850R and F1 Products
CVE-2015-9551

9.8 CRITICAL

Key Information:

Vendor: Totolink
CVE Published: 24 November 2020

Summary

A remote code execution vulnerability has been identified in select TOTOLINK router models, particularly the A850R-V1 and F1-V2 series. This issue allows an attacker to exploit the management interface through the 'formSysCmd' parameter, potentially executing arbitrary commands on the device. Versions 1.0.1-B20150707.1612 for A850R-V1 and 1.1-B20150708.1646 for F1-V2 are known to be affected. Users are advised to review their device settings and apply any available updates to mitigate this risk.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
