CVE-2024-7159

MEDIUM Year: 2024
CVSS v3 Score
8.8
High
CVSS v2 Score
4.9
Medium
Weakness Type
CWE-259
View all →

Vulnerability Description

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier VDB-272573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2023-32145

HIGH
CVSS:8.8(High)

D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 ro...

CWE-2592023

CVE-2023-49963

HIGH
CVSS:8.8(High)

DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-coded password that could allow an attacker to take control.

CWE-2592023

CVE-2024-28066

HIGH
CVSS:8.8(High)

In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).

CWE-2592024

CVE-2024-34211

HIGH
CVSS:8.8(High)

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.

CWE-2592024

CVE-2024-35395

HIGH
CVSS:8.8(High)

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.

CWE-2592024

CVE-2024-37644

HIGH
CVSS:8.8(High)

TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.

CWE-2592024