PR Statement:
It was recently reported that the TOTOLINK routers identified below may be affected by a remote command injection vulnerability.
TOTOLINK actively investigated its causes and developed new firmware patches.
Please download the latest firmware from www.totolink.net to upgrade.
The Security Vulnerability Explained:
This risk only occurs when the router's remote management function is used through the public-facing IP address on the WAN port.
Hackers can use special commands to bypass device authentication and attack routers.
Affected models:
Model | Affected FW | Fixed FW | Recommendation |
N150RT | V3.4.0-B20190525.1055 and below | V3.4.0-B20201030.1142 and above | Upgrade device to New Fixed Firmware |
N100RE-V3 | V3.4.0-B20190813.1645 and below | V3.4.0-B20201030.0926 and above | Upgrade device to New Fixed Firmware |
N200RE-V3 | V3.4.0-B20190813.1034 and below | V3.4.0-B20201029.1811 and above | Upgrade device to New Fixed Firmware |
N200RE-V4 | V4.0.0-B20190813.1836 and below | V4.0.0-B20200805.1507 and above | Upgrade device to New Fixed Firmware |
N210RE | V1.0.0-B20190813.1735 and below | V1.0.0-B20201030.2030 and above | Upgrade device to New Fixed Firmware |
N300RT | V3.4.0-B20190813.1418 and below | V3.4.0-B20201026.2033 and above | Upgrade device to New Fixed Firmware |
N300RT-V4 | V4.0.0-B20200216.1952 and below | V4.0.0-B20200828.2013 and above | Upgrade device to New Fixed Firmware |
N300RH-V3 | V3.2.4-B20190807.1616 and below | V3.2.4-B20201029.1838 and above | Upgrade device to New Fixed Firmware |
N302R Plus | V3.4.0-B20190810.1705 and below | V3.4.0-B20201028.2224 and above | Upgrade device to New Fixed Firmware |
A702R-V2 | V1.0.0-B20191101.0856 and below | V1.0.0-B20201028.1743 and above | Upgrade device to New Fixed Firmware |
A702R-V3 | V1.0.0-B20200407.2155 and below | V1.0.0-B20201103.1713 and above | Upgrade device to New Fixed Firmware |
A3002R | V1.0.0-B20190813.2006 and below | V1.1.1-B20200824.0128 and above | Upgrade device to New Fixed Firmware |
A3002RU-V1 | V3.4.0-B20190910.0945 and below | V3.4.0-B20201030.1754 and above | Upgrade device to New Fixed Firmware |
A3002RU-V2 | V2.0.0-B20190814.1034 and below | V2.1.1-B20200911.1756 and above | Upgrade device to New Fixed Firmware |
How to Prevent or Fix the Security Vulnerability:
1. To avoid risk before upgrading to the new firmware, we suggest all users configure their TOTOLINK routers to turn off "Enable Web Server Access on WAN".
2. To solve the issue permanently, TOTOLINK will soon release new firmware for the affected models. Please visit the official website www.totolink.net regularly to check for status updates.
If you have any questions, please email fae@zioncom.net for help.
TOTOLINK Support Team
October 29, 2020