HTTP: TOTOLINK Realtek SDK Router Command Injection

This signature detects attempts to exploit a known vulnerability against TOTOLINK Realtek SDK. A successful attack can lead to command injection and arbitrary code execution.

Extended Description

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, N100RE through 3.4.0, and N302RE 2.0.2.

References

CVE: CVE-2019-19824

Short Name
HTTP:CTS:TOTOLINK-SDK-CMDINJ
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2019-19824 Command Injection Realtek Router SDK TOTOLINK
Release Date
01/31/2022
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3736
False Positive
Unknown
CVSS Score

9.0

Found a potential security threat?