N300rt Firmware Security Vulnerabilities and Issues — N300rt Firmware CVE List

Lucene search

TotolinkN300rt Firmware

4 matches found

CVE•added 2020/01/27 6:15 p.m.•194 views

CVE-2019-19824

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0...

9CVSS8.9AI score0.93672EPSS

CVE•added 2020/01/27 5:15 p.m.•90 views

CVE-2019-19825

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform ...

9.8CVSS9.3AI score0.00619EPSS

CVE•added 2020/12/09 9:15 p.m.•75 views

CVE-2020-25499

TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.

9CVSS8.8AI score0.21814EPSS

CVE•added 2023/12/07 8:15 a.m.•32 views

CVE-2023-48860

TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code.

9.8CVSS9.6AI score0.00146EPSS