Authenticated Remote Command Execution in TOTOLINK A3002RU-V2.0.0 B20190814.1034

Authenticated Remote Command Execution in TOTOLINK A3002RU-V2.0.0 B20190814.1034

CVE-2020-25499 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.

Learn more about our User Device Pen Test.