Hardcoded Password Vulnerability in CP900L v4.1.5cu.798_B20221228 Allows Root Access to Attackers
CVE-2024-35395
Summary
The TOTOLINK CP900L contains a hardcoded password stored in the /etc/shadow.sample file. This weakness allows unauthorized users to gain root-level access to the device. Exploitation could give an attacker full control over the device's functions and a starting point for broader network breaches. It is critical that users assess their device configurations and apply any necessary security updates.
News Articles
CVE-2024-35395 : TOTOLINK CP900L 4.1.5CU.798_B20221228 /ETC/SHADOW.SAMPLE HARD-CODED PASSWORD - Cloud WAF
CVE-2024-35395 : TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
7 months ago
Timeline
- First article discovered by prophaze.com
- Vulnerability published