CVE-2023-2790Password in Configuration File in N200re

CWE-260Password in Configuration File3 documents3 sources
Severity
5.5MEDIUMNVD
CNA2.3
EPSS
0.0%
top 90.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink N200reTotolink N200re Firmware
Timeline
PublishedMay 18

Description

A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229374 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclo

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5totolink/n200re9.3.5u.6255_B20211224
NVDtotolink/n200re_firmware9.3.5u.6255_b20211224

🔴Vulnerability Details

2
GHSA
GHSA-f83j-6rqj-vhpw: A vulnerability classified as problematic has been found in TOTOLINK N200RE 92023-05-18
CVEList
TOTOLINK N200RE Telnet Service custom.conf password in configuration file2023-05-18
CVE-2023-2790 — Password in Configuration File | cvebase