Hardcoded Password Vulnerability in TOTOLINK EX200
CVE-2024-31810

Currently unrated

Key Information:

Vendor
TOTOLINK
Status
Ex200 Firmware
Vendor
CVE Published:
14 May 2024

Summary

A hardcoded password vulnerability exists in the TOTOLINK EX200 version V4.0.3c.7646_B20201211, specifically within the '/etc/shadow.sample' file. This weakness can potentially allow unauthorized access to the root account, compromising the security of the device and the network it is connected to. Due to the presence of a non-modifiable password, the risk of exploitation increases significantly, making it crucial for users and administrators to address this issue promptly.

References

https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX...

Timeline

  • Vulnerability published

.