CVE-2020-25499 : TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modi

TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.

Published 2020-12-09 21:15:15

Updated 2021-07-21 11:39:24

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-25499

Totolink » N300rh-v3 Firmware
Versions before (<) 3.2.4-b20201029.1838
cpe:2.3:o:totolink:n300rh-v3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Totolink » N300rh-v3 » Version: N/A
Totolink » N300rt Firmware
Versions before (<) 3.4.0-b20201026.2033
cpe:2.3:o:totolink:n300rt_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Totolink » N300rt » Version: N/A
Totolink » N150rt Firmware
Versions before (<) 3.4.0-b20201030.1142
cpe:2.3:o:totolink:n150rt_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Totolink » N150rt » Version: N/A
Totolink » A3002r Firmware
Versions before (<) 1.1.1-b20200824.0128
cpe:2.3:o:totolink:a3002r_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Totolink » A3002r » Version: N/A
Totolink » A3002ru-v1 Firmware
Versions before (<) 3.4.0-b20201030.1754
cpe:2.3:o:totolink:a3002ru-v1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Totolink » A3002ru-v1 » Version: N/A
Totolink » A3002ru-v2 Firmware
Versions before (<) 2.1.1-b20200911.1756
cpe:2.3:o:totolink:a3002ru-v2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Totolink » A3002ru-v2 » Version: N/A
Totolink » A702r-v2 Firmware
Versions before (<) 1.0.0-b20201028.1743
cpe:2.3:o:totolink:a702r-v2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Totolink » A702r-v2 » Version: N/A
Totolink » A702r-v3 Firmware
Versions before (<) 1.0.0-b20201103.1713
cpe:2.3:o:totolink:a702r-v3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Totolink » A702r-v3 » Version: N/A
Totolink » N100re-v3 Firmware
Versions before (<) 3.4.0-b20201030.0926
cpe:2.3:o:totolink:n100re-v3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Totolink » N100re-v3 » Version: N/A
Totolink » N200re-v3 Firmware
Versions before (<) 3.4.0-b20201029.1811
cpe:2.3:o:totolink:n200re-v3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Totolink » N200re-v3 » Version: N/A
Totolink » N200re-v4 Firmware
Versions before (<) 4.0.0-b20200805.1507
cpe:2.3:o:totolink:n200re-v4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Totolink » N200re-v4 » Version: N/A
Totolink » N210re Firmware
Versions before (<) 1.0.0-b20201030.2030
cpe:2.3:o:totolink:n210re_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Totolink » N210re » Version: N/A
Totolink » N302r Plus Firmware
Versions before (<) 3.4.0-b20201028.2224
cpe:2.3:o:totolink:n302r_plus_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Totolink » N302r Plus » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-25499

EPSS FAQ

21.81%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-25499

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-25499

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-25499

https://github.com/kdoos/Vulnerabilities/blob/main/RCE_TOTOLINK-A3002RU-V2

Exploit;Third Party Advisory
https://www.totolink.net/home/index/newsss/id/196.html

Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-25499

Products affected by CVE-2020-25499

Exploit prediction scoring system (EPSS) score for CVE-2020-25499

CVSS scores for CVE-2020-25499

CWE ids for CVE-2020-25499

References for CVE-2020-25499