CVE-2021-46008 — Hard-coded Credentials in A3100r Firmware

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 61.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Totolink A3100r Firmware

Timeline

PublishedMar 30

Latest updateApr 1

Description

In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDtotolink/a3100r_firmware5.9c.4577

🔴Vulnerability Details

GHSA

GHSA-rrv8-42mr-g7pv: In totolink a3100r V5↗2022-04-01

▶

CVEList

CVE-2021-46008: In totolink a3100r V5↗2022-03-30

▶