TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.
2020-12-09T21:15:15.477
2024-11-21T05:18:04.130
Modified
CVSSv3.1: 8.8 (HIGH)
AV:N/AC:L/Au:S/C:C/I:C/A:C
8.0
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | totolink | a3002r_firmware | < 1.1.1-b20200824.0128 | Yes |
| Hardware | totolink | a3002r | - | No |
| Operating System | totolink | a3002ru-v1_firmware | < 3.4.0-b20201030.1754 | Yes |
| Hardware | totolink | a3002ru-v1 | - | No |
| Operating System | totolink | a3002ru-v2_firmware | < 2.1.1-b20200911.1756 | Yes |
| Hardware | totolink | a3002ru-v2 | - | No |
| Operating System | totolink | a702r-v2_firmware | < 1.0.0-b20201028.1743 | Yes |
| Hardware | totolink | a702r-v2 | - | No |
| Operating System | totolink | a702r-v3_firmware | < 1.0.0-b20201103.1713 | Yes |
| Hardware | totolink | a702r-v3 | - | No |
| Operating System | totolink | n100re-v3_firmware | < 3.4.0-b20201030.0926 | Yes |
| Hardware | totolink | n100re-v3 | - | No |
| Operating System | totolink | n150rt_firmware | < 3.4.0-b20201030.1142 | Yes |
| Hardware | totolink | n150rt | - | No |
| Operating System | totolink | n200re-v3_firmware | < 3.4.0-b20201029.1811 | Yes |
| Hardware | totolink | n200re-v3 | - | No |
| Operating System | totolink | n200re-v4_firmware | < 4.0.0-b20200805.1507 | Yes |
| Hardware | totolink | n200re-v4 | - | No |
| Operating System | totolink | n210re_firmware | < 1.0.0-b20201030.2030 | Yes |
| Hardware | totolink | n210re | - | No |
| Operating System | totolink | n300rh-v3_firmware | < 3.2.4-b20201029.1838 | Yes |
| Hardware | totolink | n300rh-v3 | - | No |
| Operating System | totolink | n300rt_firmware | < 3.4.0-b20201026.2033 | Yes |
| Hardware | totolink | n300rt | - | No |
| Operating System | totolink | n302r_plus_firmware | < 3.4.0-b20201028.2224 | Yes |
| Hardware | totolink | n302r_plus | - | No |