CVE-2020-25499 | SynScan

Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2020-25499

TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.

Published: Dec 9, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-25499
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
totolink / a3002r_firmware	-	1.1.1-b20200824.0128
totolink / a3002ru-v1_firmware	-	3.4.0-b20201030.1754
totolink / a3002ru-v2_firmware	-	2.1.1-b20200911.1756
totolink / a702r-v2_firmware	-	1.0.0-b20201028.1743
totolink / a702r-v3_firmware	-	1.0.0-b20201103.1713
totolink / n100re-v3_firmware	-	3.4.0-b20201030.0926
totolink / n150rt_firmware	-	3.4.0-b20201030.1142
totolink / n200re-v3_firmware	-	3.4.0-b20201029.1811
totolink / n200re-v4_firmware	-	4.0.0-b20200805.1507
totolink / n210re_firmware	-	1.0.0-b20201030.2030
totolink / n300rh-v3_firmware	-	3.2.4-b20201029.1838
totolink / n300rt_firmware	-	3.4.0-b20201026.2033
totolink / n302r_plus_firmware	-	3.4.0-b20201028.2224