Authentication Bypass in Totolink EX300_v2 and EX1200T Routers
CVE-2022-25008

8.8HIGH

Key Information:

Vendor: Totolink
Status: Ex300 V2 Firmware
Vendor: CVE Published:; 30 March 2022

Summary

The Totolink EX300_v2 and EX1200T routers, specifically firmware versions V4.0.3c.140_B20210429 and V4.1.2cu.5230_B20210706, lack an adequate authentication mechanism. This oversight allows unauthorized users to gain access to the device's management interface, potentially leading to the exploitation of sensitive data and configuration settings. It is crucial for users of these routers to apply security patches or implement additional security measures to mitigate the risks associated with this vulnerability.

References

https://github.com/chibataiki/iot-vuls/blob/main/totolink...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 30, 2022
Vulnerability Reserved
Feb 14, 2022