CVE-2019-19825
CRITICAL EXPLOITED NUCLEITOTOLINK Realtek SDK Routers - CAPTCHA Bypass via getSanvas POST Request
Title source: llmExploitation Summary
CVE-2019-19825 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform router actions via HTTP requests with Basic Authentication.) This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.
Nuclei Templates (1)
TOTOLINK/Realtek Routers - CAPTCHA Bypass
CRITICALVERIFIEDby ritikchaddha
Shodan:
http.html:"TOTOLINK"
FOFA:
title="totolink"
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
https://sploit.tech
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Jan/36
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Jan/38
Scores
CVSS v3
9.8
EPSS
0.2956
EPSS Percentile
97.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2024-02-23
CWE
CWE-287
Status
published
Products (8)
totolink/a3002ru_firmware
< 2.0.0
totolink/a702r_firmware
< 2.1.3
totolink/n100re_firmware
< 3.4.0
totolink/n150rt_firmware
< 3.4.0
totolink/n200re_firmware
< 4.0.0
totolink/n300rt_firmware
< 3.4.0
totolink/n301rt_firmware
< 2.1.6
totolink/n302r_firmware
< 3.4.0
Published
Jan 27, 2020
Tracked Since
Feb 18, 2026