CVE-2024-42967

Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:totolink:lr350_firmware:9.3.5u.6369_b20220309:*:*:*:*:*:*:*
cpe:2.3:h:totolink:lr350:-:*:*:*:*:*:*:*

History

06 Sep 2024, 17:35

Type Values Removed Values Added
CWE CWE-284

16 Aug 2024, 13:34

Type Values Removed Values Added
Summary
  • (es) El control de acceso incorrecto en TOTOLINK LR350 V9.3.5u.6369_B20220309 permite a los atacantes obtener el archivo de configuración apmib, que contiene el nombre de usuario y la contraseña, a través de una solicitud manipulada a /cgi-bin/ExportSettings.sh.
First Time Totolink
Totolink lr350
Totolink lr350 Firmware
References () https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/LR350/ExportSettings.md - () https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/LR350/ExportSettings.md - Exploit, Third Party Advisory
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:h:totolink:lr350:-:*:*:*:*:*:*:*
cpe:2.3:o:totolink:lr350_firmware:9.3.5u.6369_b20220309:*:*:*:*:*:*:*

15 Aug 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-15 17:15

Updated : 2024-09-06 17:35


NVD link : CVE-2024-42967

Mitre link : CVE-2024-42967

CVE.ORG link : CVE-2024-42967


JSON object : View

Products Affected

totolink

  • lr350
  • lr350_firmware
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control