CVE-2024-8580

CRITICAL Year: 2024
CVSS v3 Score
8.1
High
CVSS v2 Score
7.6
High
Weakness Type
CWE-259
View all →

Vulnerability Description

A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2024-39585

HIGH
CVSS:8.1(High)

Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potential...

CWE-2592024

CVE-2024-46328

HIGH
CVSS:8.0(High)

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root.

CWE-2592024

CVE-2025-25428

HIGH
CVSS:8.0(High)

TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

CWE-2592025

CVE-2021-27452

HIGH
CVSS:7.8(High)

The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1).

CWE-2592021

CVE-2023-1944

HIGH
CVSS:7.8(High)

This vulnerability enables ssh access to minikube container using a default password.

CWE-2592023

CVE-2024-5275

HIGH
CVSS:7.8(High)

A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploi...

CWE-2592024