N150rt Firmware Security Vulnerabilities and Issues — N150rt Firmware CVE List

Lucene search

TotolinkN150rt Firmware

10 matches found

CVE•added 2020/01/27 6:15 p.m.•190 views

CVE-2019-19824

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0...

9CVSS8.9AI score0.93672EPSS

CVE•added 2020/01/27 5:15 p.m.•90 views

CVE-2019-19825

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform ...

9.8CVSS9.3AI score0.00619EPSS

CVE•added 2020/12/09 9:15 p.m.•75 views

CVE-2020-25499

TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.

9CVSS8.8AI score0.21814EPSS

CVE•added 2025/04/28 1:15 a.m.•52 views

CVE-2025-3993

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed...

9CVSS8.9AI score0.00168EPSS

CVE•added 2025/04/27 11:15 p.m.•51 views

CVE-2025-3989

A vulnerability classified as critical was found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this vulnerability is an unknown functionality of the file /boafrm/formStaticDHCP. The manipulation of the argument Hostname leads to buffer overflow. The attack can be launched remotely. The exploit ha...

9CVSS8.9AI score0.00168EPSS

CVE•added 2025/04/27 11:15 p.m.•50 views

CVE-2025-3990

A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this issue is some unknown functionality of the file /boafrm/formVlan. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exp...

9CVSS7.3AI score0.00168EPSS

CVE•added 2025/04/27 10:15 p.m.•48 views

CVE-2025-3988

A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected is an unknown function of the file /boafrm/formPortFw. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclo...

9CVSS7.4AI score0.00163EPSS

CVE•added 2025/04/28 12:15 a.m.•48 views

CVE-2025-3992

A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlwds. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been discl...

9CVSS8.9AI score0.00168EPSS

CVE•added 2025/04/28 12:15 a.m.•47 views

CVE-2025-3991

A vulnerability, which was classified as critical, was found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boafrm/formWdsEncrypt. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has bee...

9CVSS8.9AI score0.00168EPSS

CVE•added 2025/05/09 5:15 a.m.•47 views

CVE-2025-4462

A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to buffer overflow. The attack may be initiated remotely. The exploit has bee...

9CVSS7.3AI score0.00163EPSS