CVE-2015-9550

HIGH

Totolink A850r-v1 Firmware - Exposure to Wrong Actor

Title source: rule

Description

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface.

References (1)

[Exploit, Third Party Advisory] https://pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK-products.html

Scores

CVSS v3 7.5

EPSS 0.0037

EPSS Percentile 58.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-668

Status published

Affected Products (8)

totolink/a850r-v1_firmware < 1.0.1-b20150707.1612

totolink/f1-v2_firmware < 2.1.1-b20150708.1646

totolink/f2-v1_firmware < 2.1.0-b20150320.1611

totolink/n150rt-v2_firmware < 2.1.1-b20150708.1548

totolink/n151rt-v2_firmware < 1.1-b20150708.1559

totolink/n300rh-v2_firmware < 2.0.1-b20150708.1625

totolink/n300rh-v3_firmware < 3.0.0-b20150331.0858

totolink/n300rt-v2_firmware < 2.1.1-b20150708.1613

Timeline

Published Nov 24, 2020

Tracked Since Feb 18, 2026