Hardcoded Password Vulnerability in CP900L v4.1.5cu.798_B20221228 Allows Root Access to Attackers
CVE-2024-35395
What is CVE-2024-35395?
The TOTOLINK CP900L is impacted by a vulnerability characterized by a hardcoded password stored within the /etc/shadow.sample file. This weakness allows unauthorized users to gain root-level access to the device. Exploiting this vulnerability could lead to significant security risks, including full control over the device's functionalities and the potential for broader network breaches. It is critical for users to assess their device configurations and apply any necessary security updates.
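
A defender-side check for the weakness described above, as an added example (not code from this page or from TOTOLINK): it audits an already-extracted firmware root filesystem for shadow-format files under etc/, including shadow.sample, that ship an account with a usable static hash or an empty password. The function names and the sample lines are constructed for illustration.

```python
import os
import sys

# crypt(3) scheme prefixes; any other non-locked value is reported as legacy DES or unknown.
SCHEMES = {"$1$": "md5-crypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt",
           "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt", "$y$": "yescrypt"}

# Constructed sample in shadow(5) format; the hash is a placeholder, not a real credential.
SAMPLE = """root:$1$CONSTRUCTEDSALT$0123456789abcdefghijkl:0:0:99999:7:::
daemon:*:0:0:99999:7:::
guest::0:0:99999:7:::
"""

def audit_shadow_text(text):
    """Return (user, finding) for each account that can log in with a shipped credential."""
    findings = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank line, comment, or not shadow format
        user, pw = fields[0], fields[1]
        if pw == "":
            findings.append((user, "empty password"))
        elif pw[0] in "!*" or pw == "x":
            continue  # locked account or a value that is not a valid hash
        else:
            scheme = next((n for p, n in SCHEMES.items() if pw.startswith(p)), "des-crypt/unknown")
            findings.append((user, "static " + scheme + " hash"))
    return findings

def audit_rootfs(root):
    """Audit every etc/shadow* file (shadow, shadow.sample, ...) in an extracted firmware tree."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) != "etc":
            continue
        for name in files:
            path = os.path.join(dirpath, name)
            if not name.startswith("shadow") or os.path.islink(path):
                continue  # never follow links that point outside the extracted tree
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = audit_shadow_text(fh.read())
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report

if __name__ == "__main__":
    print(audit_shadow_text(SAMPLE) if len(sys.argv) < 2 else audit_rootfs(sys.argv[1]))
```

Any account it reports is a credential that is identical on every device running that image, so the finding applies to the firmware build rather than to one unit.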

News Articles
CVE-2024-35395 : TOTOLINK CP900L 4.1.5CU.798_B20221228 /ETC/SHADOW.SAMPLE HARD-CODED PASSWORD - Cloud WAF
CVE-2024-35395 : TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
Timeline
- First article discovered by prophaze.com
- Vulnerability published
