CVE-2024-1661

CWE-798Hard-coded Credentials3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 80.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink X6000rTotolink X6000r Firmware
Timeline
PublishedFeb 20

Description

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE:

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.0 | Impact: 1.4

Affected Packages2 packages

CVEListV5totolink/x6000r9.4.0cu.852_B20230719
NVDtotolink/x6000r_firmware9.4.0cu.852_b20230719

🔴Vulnerability Details

2
GHSA
GHSA-v3xc-v2g4-h75g: A vulnerability classified as problematic was found in Totolink X6000R 92024-02-20
CVEList
Totolink X6000R shadow hard-coded credentials2024-02-20
CVE-2024-1661 (MEDIUM CVSS 5.5) | A vulnerability classified as probl | cvebase.io