
Showing posts from December 2022

TOTOLINK N200RE_v5 Telnet Backdoor

Wenyi Li @UCCU Hacker

Description

The telnet service on the router, though disabled by default, can be enabled by an unauthenticated attacker with a single POST request. The attacker can then log in as root with hardcoded credentials.

Affected versions

Tested on firmware version V9.3.5u.6139; other versions may also be vulnerable.

Cause Analysis

The web interface issues a SESSION_ID cookie upon a successful login. However, the request endpoints do not check for it, resulting in broken access control.

POC demo
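
The check that Cause Analysis says is missing, as an added example (not the vendor's firmware code and not the PoC): a dispatcher that runs a handler regardless of the cookie, beside one that requires a SESSION_ID matching the session issued at login. The function names, buffer size and sample cookie values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration; all names here are hypothetical, not TOTOLINK code. */

/* Copy the SESSION_ID value from a Cookie header into out; 1 if found. */
static int get_session_cookie(const char *hdr, char *out, size_t outlen) {
    const char *key = "SESSION_ID=";
    const char *p = hdr;
    while (p && *p) {
        while (*p == ' ' || *p == ';') p++;          /* skip separators */
        if (strncmp(p, key, strlen(key)) == 0) {
            p += strlen(key);
            size_t n = strcspn(p, "; ");
            if (n == 0 || n >= outlen) return 0;      /* empty or oversized */
            memcpy(out, p, n);
            out[n] = '\0';
            return 1;
        }
        p = strchr(p, ';');                           /* next cookie pair */
    }
    return 0;
}

/* Compare without stopping at the first differing byte. */
static int ct_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Pattern described on the page: the cookie is issued but never checked. */
int dispatch_vulnerable(const char *cookie_hdr) { (void)cookie_hdr; return 200; }

/* Central gate: every endpoint is refused unless the session matches. */
int dispatch_checked(const char *cookie_hdr, const char *issued_session) {
    char sid[65];
    if (!issued_session || !*issued_session) return 401;  /* no active login */
    if (!cookie_hdr || !get_session_cookie(cookie_hdr, sid, sizeof sid)) return 401;
    return ct_equal(sid, issued_session) ? 200 : 401;
}

int main(void) {
    /* Constructed sample values. */
    printf("no cookie, unchecked: %d\n", dispatch_vulnerable(NULL));
    printf("no cookie, checked:   %d\n", dispatch_checked(NULL, "abc123"));
    printf("valid cookie:         %d\n", dispatch_checked("lang=en; SESSION_ID=abc123", "abc123"));
    return 0;
}
```

Placing the check in the dispatcher rather than in each handler means a newly added endpoint cannot be reached without a session by omission.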