CVE has been recently published to the CVE List and has been received by the NVD.
Products
TOTOLINK CP450
- 4.1.0cu.747_B20191224
Source
cna@vuldb.com
Tags
CVE-2024-7332 details
Last Modified : Aug. 1, 2024, 12:42 p.m.
Description
A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9.8 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-259 | Use of Hard-coded Password | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Exploitability Score
3.9
Impact Score
5.9
Base Severity
CRITICAL
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
URL | Source |
---|---|
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP450/product.md | cna@vuldb.com |
https://vuldb.com/?ctiid.273255 | cna@vuldb.com |
https://vuldb.com/?id.273255 | cna@vuldb.com |
https://vuldb.com/?submit.378357 | cna@vuldb.com |