N200re Firmware Security Vulnerabilities and Issues — N200re Firmware CVE List

Lucene search

TotolinkN200re Firmware

7 matches found

CVE•added 2020/01/27 6:15 p.m.•206 views

CVE-2019-19824

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0...

9CVSS8.9AI score0.93672EPSS

CVE•added 2020/01/27 5:15 p.m.•90 views

CVE-2019-19825

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform ...

9.8CVSS9.3AI score0.00619EPSS

CVE•added 2024/01/08 6:15 a.m.•55 views

CVE-2024-0299

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be launched ...

9.8CVSS9.7AI score0.02071EPSS

CVE•added 2024/01/08 5:15 a.m.•45 views

CVE-2024-0298

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to launch the attack remotely. The exp...

9.8CVSS9.7AI score0.02787EPSS

CVE•added 2024/01/08 5:15 a.m.•43 views

CVE-2024-0297

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The expl...

9.8CVSS9.7AI score0.01535EPSS

CVE•added 2024/01/08 4:15 a.m.•41 views

CVE-2024-0296

A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can be initiated remotel...

9.8CVSS9.7AI score0.02071EPSS

CVE•added 2024/01/29 2:15 p.m.•33 views

CVE-2024-1001

A vulnerability classified as critical has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected is the function main of the file /cgi-bin/cstecgi.cgi. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the ...

9.8CVSS9.5AI score0.00111EPSS