CVE-2019-19824

high-risk

Published 2020-01-27

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, N100RE through 3.4.0, and N302RE 2.0.2.

Do I need to act?

90.2% chance of exploitation in next 30 days

EPSS score — higher than 10% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (8)

A3002Ru Firmware

A702R Firmware

N301Rt Firmware

N302R Firmware

N300Rt Firmware

N200Re Firmware

N150Rt Firmware

N100Re Firmware

Affected Vendors

Totolink

References (9)

Exploit http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-C...

Exploit http://seclists.org/fulldisclosure/2020/Jan/36

Exploit http://seclists.org/fulldisclosure/2020/Jan/38

https://github.com/yckuo-sdc/totolink-boa-api-vulnerabilities

Exploit https://sploit.tech

Exploit http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-C...

Exploit http://seclists.org/fulldisclosure/2020/Jan/36

Exploit http://seclists.org/fulldisclosure/2020/Jan/38

Exploit https://sploit.tech

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 20/34 · Moderate

Exposure 14/34 · Moderate