CVE-2022-48113: TOTOLINK N200RE_v5 Telnet Backdoor
A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers can also leverage this vulnerability to log in as root via hardcoded credentials.
TOTOLINK N200RE_v5 Telnet Backdoor
Wenyi Li @UCCU Hacker
Description
The telnet service on the router, though disabled by default, can be enabled by an unauthenticated attacker with a single POST request.
The attacker can then log in as root with hardcoded credentials.
Affected versions
Tested on firmware version V9.3.5u.6139; other versions may also be vulnerable.
Cause Analysis
The web interface issues a SESSION_ID cookie upon a successful login.
However, the request endpoints do not check for it, resulting in broken access control.
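The missing check described above, as an added example (not TOTOLINK's firmware code and not part of the original advisory): a request dispatcher that never consults the cookie, beside one that validates SESSION_ID at a single choke point before any handler runs. All function names, the single-slot session store and the 200/401 return codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical session store: the one ID issued at login ("" = nobody logged in). */
static char active_session[33] = "";

/* Called by the login handler after credentials are verified (assumed flow). */
int session_login(const char *id) {
    if (strlen(id) >= sizeof active_session) return -1;
    strcpy(active_session, id);
    return 0;
}

/* Constant-time compare so the check does not leak how many bytes matched. */
static int ct_equal(const char *a, const char *b, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Locate SESSION_ID=<value> at a cookie boundary in a Cookie header. */
static const char *cookie_session(const char *cookie, size_t *len) {
    for (const char *p = cookie; p && *p; p = strchr(p, ';')) {
        while (*p == ' ' || *p == ';') p++;
        if (strncmp(p, "SESSION_ID=", 11) == 0) {
            *len = strcspn(p + 11, "; ");
            return p + 11;
        }
    }
    return NULL;
}

/* Returns 1 only when the request carries the currently issued session ID. */
int session_valid(const char *cookie) {
    size_t len = 0, want = strlen(active_session);
    const char *v = cookie ? cookie_session(cookie, &len) : NULL;
    if (!v || want == 0 || len != want) return 0;
    return ct_equal(v, active_session, want);
}

int sample_handler(void) { return 200; } /* stands in for any state-changing endpoint */

/* Pattern described above: the cookie is issued at login but never consulted. */
int dispatch_unchecked(const char *cookie, int (*h)(void)) { (void)cookie; return h(); }

/* Hardened: one choke point rejects the request before any handler runs. */
int dispatch_checked(const char *cookie, int (*h)(void)) {
    return session_valid(cookie) ? h() : 401;
}
```

Placing the check in the dispatcher rather than in each handler means a newly added endpoint is protected by default.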
POC demo