CVE-2022-34993 β€” Hard-coded Credentials in A3600r Firmware

CWE-798 β€” Hard-coded Credentials3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 36.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Totolink A3600r Firmware
Timeline
PublishedAug 4
Latest updateAug 5

Description

Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

β–ΆNVDtotolink/a3600r_firmware4.1.2cu.5182_b20201102

πŸ”΄Vulnerability Details

2
GHSA
GHSA-x788-3f4q-pfrc: Totolink A3600R_Firmware V4β†—2022-08-05
β–Ά
CVEList
CVE-2022-34993: Totolink A3600R_Firmware V4β†—2022-08-04
β–Ά
CVE-2022-34993 β€” Hard-coded Credentials | cvebase