Hard-coded Telnet Password Vulnerability in Totolink Router
CVE-2021-46008

8.8HIGH

Key Information:

Vendor

Totolink
Status
A3100r Firmware
Vendor
CVE Published:
30 March 2022

What is CVE-2021-46008?

The A3100R router by Totolink has a severe security flaw where a hard-coded Telnet password can be easily extracted from the firmware. If an attacker gains access to the same Wi-Fi network and the Telnet service is enabled, they can exploit this vulnerability to access the device with root shell privileges.

References

http://totolink.com
x_refsource_MISC
http://a3100r.com
x_refsource_MISC
https://hackmd.io/ZkeEB-VvRiWBS53rFKG8DQ
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.