CVE-2020-25499
Published 2020-12-09
Severity: High, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploited in the wild (ITW)
TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| totolink | a3002r_firmware | < 1.1.1-b20200824.0128 | 1.1.1-b20200824.0128 |
| totolink | a3002ru-v1_firmware | < 3.4.0-b20201030.1754 | 3.4.0-b20201030.1754 |
| totolink | a3002ru-v2_firmware | < 2.1.1-b20200911.1756 | 2.1.1-b20200911.1756 |
| totolink | a702r-v2_firmware | < 1.0.0-b20201028.1743 | 1.0.0-b20201028.1743 |
| totolink | a702r-v3_firmware | < 1.0.0-b20201103.1713 | 1.0.0-b20201103.1713 |
| totolink | n100re-v3_firmware | < 3.4.0-b20201030.0926 | 3.4.0-b20201030.0926 |
| totolink | n150rt_firmware | < 3.4.0-b20201030.1142 | 3.4.0-b20201030.1142 |
| totolink | n200re-v3_firmware | < 3.4.0-b20201029.1811 | 3.4.0-b20201029.1811 |
| totolink | n200re-v4_firmware | < 4.0.0-b20200805.1507 | 4.0.0-b20200805.1507 |
| totolink | n210re_firmware | < 1.0.0-b20201030.2030 | 1.0.0-b20201030.2030 |
| totolink | n300rh-v3_firmware | < 3.2.4-b20201029.1838 | 3.2.4-b20201029.1838 |
| totolink | n300rt_firmware | < 3.4.0-b20201026.2033 | 3.4.0-b20201026.2033 |
| totolink | n302r_plus_firmware | < 3.4.0-b20201028.2224 | 3.4.0-b20201028.2224 |
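CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | | 8.8 | HIGH | |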