Access Control Vulnerability in TOTOLINK Router
CVE-2024-42966
9.8CRITICAL
Summary
The vulnerability in the TOTOLINK N350RT router relates to improper access controls within its firmware, specifically version V9.3.5u.6139_B20201216. An attacker can exploit this weakness by sending a specially crafted request to the '/cgi-bin/ExportSettings.sh' endpoint, allowing them to access the sensitive apmib configuration file. This configuration file contains critical information, including user credentials, which can lead to further exploitation of the device and the network it connects to. Organizations should take preventive measures to secure their devices against this type of access control flaw to protect sensitive information from unauthorized access.
References
EPSS Score
1% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Collectors
NVD Database