Lucene search

[email protected]CVE-2015-9551

HistoryNov 24, 2020 - 9:15 p.m.

CVE-2015-9551

2020-11-2421:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

In Wild

cve-2015-9551

totolink

remote code execution

nvd

vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.9%

JSON

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter.

CPENameOperatorVersion
totolink:a850r-v1_firmwaretotolink a850r-v1 firmwarelt1.0.1-b20150707.1612
totolink:f1-v2_firmwaretotolink f1-v2 firmwarelt2.1.1-b20150708.1646
totolink:f2-v1_firmwaretotolink f2-v1 firmwarelt2.1.0-b20150320.1611
totolink:n150rt-v2_firmwaretotolink n150rt-v2 firmwarelt2.1.1-b20150708.1548
totolink:n151rt-v2_firmwaretotolink n151rt-v2 firmwarelt1.1-b20150708.1559
totolink:n300rh-v2_firmwaretotolink n300rh-v2 firmwarelt2.0.1-b20150708.1625
totolink:n300rh-v3_firmwaretotolink n300rh-v3 firmwarelt3.0.0-b20150331.0858
totolink:n300rt-v2_firmwaretotolink n300rt-v2 firmwarelt2.1.1-b20150708.1613

CPE	Name	Operator	Version
totolink:a850r-v1_firmware	totolink a850r-v1 firmware	lt	1.0.1-b20150707.1612
totolink:f1-v2_firmware	totolink f1-v2 firmware	lt	2.1.1-b20150708.1646
totolink:f2-v1_firmware	totolink f2-v1 firmware	lt	2.1.0-b20150320.1611
totolink:n150rt-v2_firmware	totolink n150rt-v2 firmware	lt	2.1.1-b20150708.1548
totolink:n151rt-v2_firmware	totolink n151rt-v2 firmware	lt	1.1-b20150708.1559
totolink:n300rh-v2_firmware	totolink n300rh-v2 firmware	lt	2.0.1-b20150708.1625
totolink:n300rh-v3_firmware	totolink n300rh-v3 firmware	lt	3.0.0-b20150331.0858
totolink:n300rt-v2_firmware	totolink n300rt-v2 firmware	lt	2.1.1-b20150708.1613

References

pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK-products.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.9%

JSON

Related for CVE-2015-9551

cnvd1 cvelist1 prion1 attackerkb1