Sign-up

ID

VAR-202011-1035


CVE

CVE-2015-9550


TITLE

TOTOLINK A850R-V1  and  F1-V2  Vulnerability in Resource Leakage to Wrong Domain

Trust: 0.8

sources: JVNDB: JVNDB-2015-008651

DESCRIPTION

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface. TOTOLINK A850R-V1 and F1-V2 Is vulnerable to a resource leak to the wrong area.Information may be obtained. TOTOLINK A850R-V1 is a wireless dual-band router. No detailed vulnerability details are currently available

Trust: 2.16

sources: NVD: CVE-2015-9550 // JVNDB: JVNDB-2015-008651 // CNVD: CNVD-2022-17128

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-17128

AFFECTED PRODUCTS

vendor:totolinkmodel:a850r-v1scope:ltversion:1.0.1-b20150707.1612

Trust: 1.0

vendor:totolinkmodel:n300rh-v2scope:ltversion:2.0.1-b20150708.1625

Trust: 1.0

vendor:totolinkmodel:n300rh-v3scope:ltversion:3.0.0-b20150331.0858

Trust: 1.0

vendor:totolinkmodel:f1-v2scope:ltversion:2.1.1-b20150708.1646

Trust: 1.0

vendor:totolinkmodel:n150rt-v2scope:ltversion:2.1.1-b20150708.1548

Trust: 1.0

vendor:totolinkmodel:n300rt-v2scope:ltversion:2.1.1-b20150708.1613

Trust: 1.0

vendor:totolinkmodel:n151rt-v2scope:ltversion:1.1-b20150708.1559

Trust: 1.0

vendor:totolinkmodel:f2-v1scope:ltversion:2.1.0-b20150320.1611

Trust: 1.0

vendor:totolinkmodel:n300rt-v2scope: - version: -

Trust: 0.8

vendor:totolinkmodel:f1-v2scope: - version: -

Trust: 0.8

vendor:totolinkmodel:n300rh-v2scope: - version: -

Trust: 0.8

vendor:totolinkmodel:n150rt-v2scope: - version: -

Trust: 0.8

vendor:totolinkmodel:n151rt-v2scope: - version: -

Trust: 0.8

vendor:totolinkmodel:n300rh-v3scope: - version: -

Trust: 0.8

vendor:totolinkmodel:a850r-v1scope: - version: -

Trust: 0.8

vendor:totolinkmodel:f2-v1scope: - version: -

Trust: 0.8

vendor:totolinkmodel:a850r-v1 1.0.1-b20150707.1612scope: - version: -

Trust: 0.6

vendor:totolinkmodel:f1-v2 1.1-b20150708.1646scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2022-17128 // JVNDB: JVNDB-2015-008651 // NVD: CVE-2015-9550

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-9550
value: HIGH

Trust: 1.0

NVD: CVE-2015-9550
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-17128
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202011-1852
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2015-9550
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-17128
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2015-9550
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2015-9550
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-17128 // JVNDB: JVNDB-2015-008651 // CNNVD: CNNVD-202011-1852 // NVD: CVE-2015-9550

PROBLEMTYPE DATA

problemtype:CWE-668

Trust: 1.0

problemtype:Leakage of resources to the wrong area (CWE-668) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2015-008651 // NVD: CVE-2015-9550

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1852

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-1852

PATCH

title:Top Pageurl:http://totolink.net/

Trust: 0.8

title:Patch for There is an unknown vulnerability in TOTOLINK A850R-V1url:https://www.cnvd.org.cn/patchInfo/show/323591

Trust: 0.6

title:Totolink A850r-v1 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135821

Trust: 0.6

sources: CNVD: CNVD-2022-17128 // JVNDB: JVNDB-2015-008651 // CNNVD: CNNVD-202011-1852

EXTERNAL IDS

db:NVDid:CVE-2015-9550

Trust: 3.0

db:JVNDBid:JVNDB-2015-008651

Trust: 0.8

db:CNVDid:CNVD-2022-17128

Trust: 0.6

db:CNNVDid:CNNVD-202011-1852

Trust: 0.6

sources: CNVD: CNVD-2022-17128 // JVNDB: JVNDB-2015-008651 // CNNVD: CNNVD-202011-1852 // NVD: CVE-2015-9550

REFERENCES

url:https://pierrekim.github.io/blog/2015-07-16-backdoor-and-rce-found-in-8-totolink-products.html

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-9550

Trust: 2.0

sources: CNVD: CNVD-2022-17128 // JVNDB: JVNDB-2015-008651 // CNNVD: CNNVD-202011-1852 // NVD: CVE-2015-9550

SOURCES

db:CNVDid:CNVD-2022-17128
db:JVNDBid:JVNDB-2015-008651
db:CNNVDid:CNNVD-202011-1852
db:NVDid:CVE-2015-9550

LAST UPDATE DATE

2024-11-23T23:11:14.996000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-17128date:2022-03-07T00:00:00
db:JVNDBid:JVNDB-2015-008651date:2021-07-16T08:05:00
db:CNNVDid:CNNVD-202011-1852date:2022-03-24T00:00:00
db:NVDid:CVE-2015-9550date:2024-11-21T02:40:54.460

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-17128date:2022-03-07T00:00:00
db:JVNDBid:JVNDB-2015-008651date:2021-07-16T00:00:00
db:CNNVDid:CNNVD-202011-1852date:2020-11-24T00:00:00
db:NVDid:CVE-2015-9550date:2020-11-24T21:15:11.353