TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system’s ‘Run Command’. An attacker can use this functionality to execute arbitrary OS commands on the router.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25499
Reference (s):
- https://www.totolink.net/home/index/newsss/id/196.html
- https://github.com/kdoos/Vulnerabilities/blob/main/RCE_TOTOLINK-A3002RU-V2