CVE-2015-9551
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter.
Affected (8)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.1-b20150707.1612 |
| Running on/with | Platform Versions |
|---|---|
Totolink A850r V1 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.1.1-b20150708.1646 |
| Running on/with | Platform Versions |
|---|---|
Totolink F1 V2 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.1.0-b20150320.1611 |
| Running on/with | Platform Versions |
|---|---|
Totolink F2 V1 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.1.1-b20150708.1548 |
| Running on/with | Platform Versions |
|---|---|
Totolink N150rt V2 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.1-b20150708.1559 |
| Running on/with | Platform Versions |
|---|---|
Totolink N151rt V2 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.0.1-b20150708.1625 |
| Running on/with | Platform Versions |
|---|---|
Totolink N300rh V2 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.0.0-b20150331.0858 |
| Running on/with | Platform Versions |
|---|---|
Totolink N300rh V3 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.1.1-b20150708.1613 |
| Running on/with | Platform Versions |
|---|---|
Totolink N300rt V2 | All versions |
References (2)
Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Timeline
No history available yet.