What is CVE-2019-19824?

CVE-2019-19824 is a vulnerability in N/a. Published 2020-01-27.

Is CVE-2019-19824 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-19824

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control o…

EPSS: 0.895 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/kenzer-templates
ker2x/DearDiary
lkkula/totoroot

References

sploit.tech
20200124 Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers (mailing-list)
packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Ex…
20200131 Re: Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers (mailing-list)
github.com/yckuo-sdc/totolink-boa-api-vulnerabilities

Frequently asked questions

What is CVE-2019-19824?: CVE-2019-19824 is a vulnerability in N/a. Published 2020-01-27.
Is CVE-2019-19824 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.