Totolink N300Rh-V3 Firmware vulnerabilities
3 known vulnerabilities affecting totolink/n300rh-v3_firmware.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH2
Vulnerabilities
Page 1 of 1
CVE-2020-25499HIGHCVSS 8.8Exploitedfixed in 3.2.4-b20201029.18382020-12-09
CVE-2020-25499 [HIGH] CWE-78 CVE-2020-25499: TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run
TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.
nvd
CVE-2015-9551CRITICALCVSS 9.8fixed in 3.0.0-b20150331.08582020-11-24
CVE-2015-9551 [CRITICAL] CVE-2015-9551: An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B201
An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter.
nvd
CVE-2015-9550HIGHCVSS 7.5fixed in 3.0.0-b20150331.08582020-11-24
CVE-2015-9550 [HIGH] CWE-668 CVE-2015-9550: An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B201
An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface.
nvd