CVE-2020-25499: OS Command Injection
First published: Wed Dec 09 2020(Updated: )
TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Totolink A3002r Firmware | <1.1.1-b20200824.0128 | |
| Totolink A3002r Firmware | ||
| TOTOLINK A3002RU | <3.4.0-b20201030.1754 | |
| TOTOLINK A3002RU | ||
| TOTOLINK A3002RU | <2.1.1-b20200911.1756 | |
| TOTOLINK A3002R | ||
| Totolink A702r Firmware | <1.0.0-b20201028.1743 | |
| Totolink A702R | ||
| Totolink A702r-v3 | <1.0.0-b20201103.1713 | |
| Totolink A702r-v3 Firmware | ||
| Totolink N100RE Firmware | <3.4.0-b20201030.0926 | |
| Totolink N100re-v3 Firmware | ||
| Totolink N150rt | <3.4.0-b20201030.1142 | |
| Totolink N150rt Firmware | ||
| Totolink N200re Firmware | <3.4.0-b20201029.1811 | |
| Totolink N200re Firmware | ||
| Totolink N200re Firmware | <4.0.0-b20200805.1507 | |
| Totolink N200re-v4 Firmware | ||
| Totolink N210re Firmware | <1.0.0-b20201030.2030 | |
| Totolink N210re Firmware | ||
| Totolink N300RH-v3 Firmware | <3.2.4-b20201029.1838 | |
| Totolink N300RH-v3 Firmware | ||
| Totolink N300RT | <3.4.0-b20201026.2033 | |
| Totolink N300RT Firmware | ||
| Totolink N302r Plus | <3.4.0-b20201028.2224 | |
| Totolink N302r Plus Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-25499?
CVE-2020-25499 is classified as a high severity vulnerability due to its potential for arbitrary command execution.
How do I fix CVE-2020-25499?
To fix CVE-2020-25499, update the affected TOTOLINK A3002RU firmware to a version higher than 2.1.1-b20200911.1756.
Who is affected by CVE-2020-25499?
CVE-2020-25499 affects users of TOTOLINK A3002RU firmware versions from 1.1.1-b20200824.0128 and below.
What can attackers do with CVE-2020-25499?
Attackers exploiting CVE-2020-25499 can execute arbitrary operating system commands remotely on the vulnerable router.
Is there a workaround for CVE-2020-25499?
Currently, the recommended action for CVE-2020-25499 is to update the firmware, as there are no effective workarounds to mitigate the vulnerability.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/totolink
- canonical/totolink a3002r firmware
- canonical/totolink a3002ru
- canonical/totolink a3002r
- canonical/totolink a702r firmware
- canonical/totolink a702r
- canonical/totolink a702r-v3
- canonical/totolink a702r-v3 firmware
- canonical/totolink n100re firmware
- canonical/totolink n100re-v3 firmware
- canonical/totolink n150rt
- canonical/totolink n150rt firmware
- canonical/totolink n200re firmware
- canonical/totolink n200re-v4 firmware
- canonical/totolink n210re firmware
- canonical/totolink n300rh-v3 firmware
- canonical/totolink n300rt
- canonical/totolink n300rt firmware
- canonical/totolink n302r plus
- canonical/totolink n302r plus firmware