CVE-2022-35491Hard-coded Credentials in A3002ru Firmware

CWE-798Hard-coded Credentials3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 37.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Totolink A3002ru Firmware
Timeline
PublishedAug 10
Latest updateAug 11

Description

TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDtotolink/a3002ru_firmware3.0.0-b20220304.1804

🔴Vulnerability Details

2
GHSA
GHSA-m9m8-vp8w-w95r: TOTOLINK A3002RU V32022-08-11
CVEList
CVE-2022-35491: TOTOLINK A3002RU V32022-08-09
CVE-2022-35491 — Hard-coded Credentials | cvebase