N300rt Firmware Security Vulnerabilities and Issues — N300rt Firmware CVE List

Lucene search

TotolinkN300rt Firmware

11 matches found

CVE•added 2020/01/27 6:15 p.m.•184 views

CVE-2019-19824

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0...

9CVSS8.9AI score0.93672EPSS

CVE•added 2020/01/27 6:15 p.m.•92 views

CVE-2019-19822

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R ...

7.5CVSS8AI score0.02785EPSS

CVE•added 2020/01/27 6:15 p.m.•90 views

CVE-2019-19823

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4....

7.5CVSS7.9AI score0.01361EPSS

CVE•added 2020/01/27 5:15 p.m.•90 views

CVE-2019-19825

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform ...

9.8CVSS9.3AI score0.00619EPSS

CVE•added 2020/12/09 9:15 p.m.•75 views

CVE-2020-25499

TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.

9CVSS8.8AI score0.21814EPSS

CVE•added 2024/04/18 5:15 p.m.•51 views

CVE-2024-32334

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page.

6.5CVSS6AI score0.00087EPSS

CVE•added 2024/04/18 5:15 p.m.•46 views

CVE-2024-32332

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page.

6.1CVSS6AI score0.00134EPSS

CVE•added 2024/04/18 5:15 p.m.•44 views

CVE-2024-32333

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page.

4.3CVSS6AI score0.00091EPSS

CVE•added 2024/04/18 5:15 p.m.•40 views

CVE-2024-32327

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page.

5.5CVSS6AI score0.00087EPSS

CVE•added 2024/04/18 5:15 p.m.•39 views

CVE-2024-32335

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page.

5.4CVSS6AI score0.00121EPSS

CVE•added 2023/12/07 8:15 a.m.•32 views

CVE-2023-48860

TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code.

9.8CVSS9.6AI score0.00146EPSS