← Back

N200re Firmware

n200re_firmware

Vendor: Totolink • 21 CVEs

CVEs (21)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-19825
1Totolink
8A3002ru Firmware
A702r FirmwareN100re Firmware+5 more
Nov 21, 2024
Jan 27, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not neede...Show more
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform router actions via HTTP requests with Basic Authentication.) This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.Show less