VYPR

N301RT

by Totolink

CVEs (2)

  • CVE-2019-19824 | Jan 27, 2020
    risk 0.07 | cvss | epss 0.25

    On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects…

  • CVE-2019-19825 | Jan 27, 2020
    risk 0.01 | cvss | epss 0.30

    On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The…