CVE-2015-9550

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
totolinka850r-v1_firmware
𝑥
< 1.0.1-b20150707.1612
totolinkf1-v2_firmware
𝑥
< 2.1.1-b20150708.1646
totolinkf2-v1_firmware
𝑥
< 2.1.0-b20150320.1611
totolinkn150rt-v2_firmware
𝑥
< 2.1.1-b20150708.1548
totolinkn151rt-v2_firmware
𝑥
< 1.1-b20150708.1559
totolinkn300rh-v2_firmware
𝑥
< 2.0.1-b20150708.1625
totolinkn300rh-v3_firmware
𝑥
< 3.0.0-b20150331.0858
totolinkn300rt-v2_firmware
𝑥
< 2.1.1-b20150708.1613
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK-products.html
https://pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK-products.html