CVE-2022-48113 — Hard-coded Credentials in N200re-v5 Firmware

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

1.8%

top 17.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Totolink N200re-v5 Firmware

Timeline

PublishedFeb 2

Latest updateFeb 3

Description

A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDtotolink/n200re-v5_firmware9.3.5u.6139

🔴Vulnerability Details

GHSA

GHSA-fvv3-6hg7-8mrp: A vulnerability in TOTOLINK N200RE_v5 firmware V9↗2023-02-03

▶

CVEList

CVE-2022-48113: A vulnerability in TOTOLINK N200RE_v5 firmware V9↗2023-02-02

▶