CVE-2015-9550
First published: Tue Nov 24 2020(Updated: )
An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Totolink A850R-V1 Firmware | <1.0.1-b20150707.1612 | |
| Totolink A850R-V1 Firmware | ||
| Totolink F1-v2 | <2.1.1-b20150708.1646 | |
| Totolink F1-v2 Firmware | ||
| Totolink F2-v1 | <2.1.0-b20150320.1611 | |
| Totolink F2-v1 Firmware | ||
| Totolink N150rt | <2.1.1-b20150708.1548 | |
| Totolink N150rt-v2 Firmware | ||
| Totolink N151rt-v2 | <1.1-b20150708.1559 | |
| Totolink N151rt-v2 Firmware | ||
| Totolink N300RH-v2 | <2.0.1-b20150708.1625 | |
| Totolink N300rh-v2 Firmware | ||
| Totolink N300RH-v3 Firmware | <3.0.0-b20150331.0858 | |
| Totolink N300RH-v3 Firmware | ||
| Totolink N300rt-v2 Firmware | <2.1.1-b20150708.1613 | |
| Totolink N300rt-v2 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-9550?
CVE-2015-9550 is considered a high severity vulnerability as it allows unauthorized access to the web management interface.
How can I fix CVE-2015-9550?
To mitigate CVE-2015-9550, it is recommended to update the firmware to a version that is not affected by the vulnerability.
Which devices are affected by CVE-2015-9550?
CVE-2015-9550 affects TOTOLINK A850R-V1 and F1-V2 routers running specific firmware versions.
What kind of attack is associated with CVE-2015-9550?
CVE-2015-9550 is associated with a remote code execution attack that can be triggered by sending a specific packet to the WAN interface.
Is there a known exploit for CVE-2015-9550?
Yes, there is a known exploit for CVE-2015-9550 that involves sending a crafted hel,xasf packet to access the vulnerable web interface.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/totolink
- canonical/totolink a850r-v1 firmware
- canonical/totolink f1-v2
- canonical/totolink f1-v2 firmware
- canonical/totolink f2-v1
- canonical/totolink f2-v1 firmware
- canonical/totolink n150rt
- canonical/totolink n150rt-v2 firmware
- canonical/totolink n151rt-v2
- canonical/totolink n151rt-v2 firmware
- canonical/totolink n300rh-v2
- canonical/totolink n300rh-v2 firmware
- canonical/totolink n300rh-v3 firmware
- canonical/totolink n300rt-v2 firmware