Products
TOTOLINK AC1200 T8
- 4.1.5cu.861_B20230220
Source
cna@vuldb.com
Tags
CVE-2024-8580 details
Published : Sept. 8, 2024, 9:15 p.m.
Last Modified : Sept. 8, 2024, 9:15 p.m.
Last Modified : Sept. 8, 2024, 9:15 p.m.
Description
A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.1 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-259 | Use of Hard-coded Password | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
8.1
Exploitability Score
2.2
Impact Score
5.9
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/shadow.md | cna@vuldb.com |
| https://vuldb.com/?ctiid.276814 | cna@vuldb.com |
| https://vuldb.com/?id.276814 | cna@vuldb.com |
| https://vuldb.com/?submit.401293 | cna@vuldb.com |
| https://www.totolink.net/ | cna@vuldb.com |
This website uses the NVD API, but is not approved or certified by it.