CVE-2024-8162

CWE-798Hard-coded Credentials3 documents3 sources
Severity
9.3CRITICAL
EPSS
0.3%
top 45.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink T10 Ac1200Totolink T10 Firmware
Timeline
PublishedAug 26

Description

A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/t10_ac12004.1.8cu.5207
NVDtotolink/t10_firmware4.1.8cu.5207

🔴Vulnerability Details

2
GHSA
GHSA-fmc4-v39v-phr8: A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 42024-08-26
CVEList
TOTOLINK T10 AC1200 Telnet Service product.ini hard-coded credentials2024-08-26
CVE-2024-8162 (CRITICAL CVSS 9.3) | A vulnerability classified as criti | cvebase.io