CVE-2024-8162

A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://github.com/rohitburke/TOTOLINK Exploit Third Party Advisory
https://vuldb.com/?ctiid.275760 Permissions Required
https://vuldb.com/?id.275760 Permissions Required Third Party Advisory
https://vuldb.com/?submit.392015 Third Party Advisory VDB Entry
https://www.totolink.net/ Product
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:totolink:t10_firmware:4.1.8cu.5207:*:*:*:*:*:*:*
cpe:2.3:h:totolink:t10:-:*:*:*:*:*:*:*

History

27 Aug 2024, 14:28

Type Values Removed Values Added
CPE cpe:2.3:o:totolink:t10_firmware:4.1.8cu.5207:*:*:*:*:*:*:*
cpe:2.3:h:totolink:t10:-:*:*:*:*:*:*:*
First Time Totolink
Totolink t10 Firmware
Totolink t10
References () https://github.com/rohitburke/TOTOLINK - () https://github.com/rohitburke/TOTOLINK - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.275760 - () https://vuldb.com/?ctiid.275760 - Permissions Required
References () https://vuldb.com/?id.275760 - () https://vuldb.com/?id.275760 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?submit.392015 - () https://vuldb.com/?submit.392015 - Third Party Advisory, VDB Entry
References () https://www.totolink.net/ - () https://www.totolink.net/ - Product
Summary
  • (es) Una vulnerabilidad ha sido encontrada en TOTOLINK T10 AC1200 4.1.8cu.5207 y clasificada como crítica. Una función desconocida del archivo /squashfs-root/web_cste/cgi-bin/product.ini del componente Telnet Service es afectada por esta vulnerabilidad. La manipulación conduce a credenciales codificadas. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.

26 Aug 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-26 13:15

Updated : 2024-08-27 14:28


NVD link : CVE-2024-8162

Mitre link : CVE-2024-8162

CVE.ORG link : CVE-2024-8162


JSON object : View

Products Affected

totolink

  • t10_firmware
  • t10
CWE
CWE-798

Use of Hard-coded Credentials