Hard Coded Password Vulnerability in TOTOLINK Router Products
CVE-2022-38823

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: T6 Firmware
Vendor: CVE Published:; 16 September 2022

Summary

In the TOTOLINK T6 router, version V4.1.5cu.709_B20210518, a significant security vulnerability arises from a hard coded password for the root user located in the /etc/shadow.sample file. This flaw could potentially allow an unauthorized user to gain elevated access to the device, compromising its security framework and the personal data of users. Given the sensitivity of device configurations and network access, it is crucial for users to update their firmware to mitigate this risk.

References

https://github.com/whiter6666/CVE/blob/main/TOTOLINK_T6_V...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 16, 2022
Vulnerability Reserved
Aug 29, 2022