CVE-2015-9550

moderate-risk
Published 2020-11-24

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface.

Do I need to act?

-
0.37% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (8)

A850R-V1 Firmware
F1-V2 Firmware
F2-V1 Firmware
N150Rt-V2 Firmware
N151Rt-V2 Firmware
N300Rh-V2 Firmware
N300Rt-V2 Firmware

Affected Vendors

Totolink

References (2)

Exploit https://pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK...
Exploit https://pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK...
41
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 14/34 · Moderate