CVE-2024-35395
Severity
8.8HIGH
EPSS
0.1%
top 70.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 24
Description
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9