CVE-2024-7170

MEDIUM Year: 2024
CVSS v3 Score
8.8
High
CVSS v2 Score
2.7
Low
Weakness Type
CWE-259
View all →

Vulnerability Description

A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2023-32145

HIGH
CVSS:8.8(High)

D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 ro...

CWE-2592023

CVE-2023-49963

HIGH
CVSS:8.8(High)

DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-coded password that could allow an attacker to take control.

CWE-2592023

CVE-2024-28066

HIGH
CVSS:8.8(High)

In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).

CWE-2592024

CVE-2024-34211

HIGH
CVSS:8.8(High)

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.

CWE-2592024

CVE-2024-35395

HIGH
CVSS:8.8(High)

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.

CWE-2592024

CVE-2024-37644

HIGH
CVSS:8.8(High)

TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.

CWE-2592024