Hardcoded Password Vulnerability in TOTOLINK CP450
CVE-2024-34211
8.8 HIGH
Summary
TOTOLINK CP450 v4.1.0cu.747_B20191224 contains a hardcoded password in the /etc/shadow.sample file. An attacker can use it to gain unauthorized access as root, which could result in complete control over the device. Exploitation can expose sensitive information and compromise network security, so users should be aware of this issue and take necessary precautions.
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published