Directory Indexing Flaw in TOTOLINK A702R Router
CVE-2020-27368

5.5MEDIUM

Key Information:

Vendor: Totolink
Status: A702r Firmware
Vendor: CVE Published:; 14 January 2021

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2020-27368?

A directory indexing vulnerability exists in the login portal of the TOTOLINK A702R router. This flaw allows an attacker to access and enumerate sensitive directories, such as /icons/, through crafted GET parameters. Exploiting this vulnerability could lead to unauthorized access to potentially sensitive files and information, posing a risk to the overall security of the network.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-27368
Created by swzhouu

References

https://github.com/swzhouu/CVE-2020-27368

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 7, 2023
👾
Exploit known to exist
Feb 7, 2023
Vulnerability published
Jan 14, 2021
Vulnerability Reserved
Oct 21, 2020