Hard Coded Password Vulnerability in TOTOLINK Router
CVE-2022-37841

7.5HIGH

Key Information:

Vendor: Totolink
Status: A860r Firmware
Vendor: CVE Published:; 6 September 2022

What is CVE-2022-37841?

The TOTOLINK A860R router, specifically version V4.1.2cu.5182_B20201027, contains a serious security issue where a hard coded password for the root user is stored in the /etc/shadow.sample file. This vulnerability allows unauthorized access to the router, significantly compromising the security of the device and the network it supports. Malicious actors can exploit this weakness to gain control over the device, potentially leading to further attacks on connected systems.

References

https://github.com/1759134370/iot/blob/main/TOTOLINK/A860...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2022
Vulnerability Reserved
Aug 8, 2022

Totolink

What is CVE-2022-37841?

References

CVSS V3.1

Timeline