Security for everyone

CVE-2019-19824 Scanner

Detects 'OS Command Injection' vulnerability in various TOTOLINK Realtek SDK based routers affects v. A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.

SCAN NOW

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Toolbox

-

TOTOLINK Realtek SDK based routers are popular networking devices used in homes, offices, and other areas where internet connectivity is needed. These routers offer various features such as WAN/LAN connectivity, wireless connectivity, firewalls, and others to help users connect to the internet with ease. The routers are known for their reliability and affordability, making them an ideal choice for many people.

However, recently, a vulnerability was detected in the routers that can allow an attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This vulnerability was assigned CVE-2019-19824, and it affects several models of TOTOLINK Realtek SDK based routers including A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.

If exploited, this vulnerability can lead to full control over the affected device's internals. Attackers can use this access to steal data, manipulate the device's settings, or even carry out further attacks on other devices connected to the router. This can be particularly dangerous in cases where the router is used to connect to sensitive networks or when the connected devices store confidential data.

Thanks to the pro features of the securityforeveryone.com platform, readers of this article can easily and quickly learn about vulnerabilities in their digital assets. With real-time vulnerability alerts and customizable reporting, this platform provides an easy and effective way to stay ahead of security risks and keep digital assets secure.

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture