Hard Coded Password Vulnerability in TOTOLINK A3100R Router
CVE-2022-29644

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: A3100r Firmware
Vendor: CVE Published:; 18 May 2022

Summary

The TOTOLINK A3100R router versions V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 contain a significant security flaw due to a hard coded password for the telnet service. This vulnerability, located in the /web_cste/cgi-bin/product.ini component, may allow unauthorized access to the router, compromising the device and potentially the network it is connected to. Users are advised to secure their devices against this issue to prevent exploitation.

References

https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 18, 2022
Vulnerability Reserved
Apr 25, 2022