Totolink · Totolink T10 Ac1200 · CVE-2024-8162
**Name of the Vulnerable Software and Affected Versions**
TOTOLINK T10 AC1200 version 4.1.8cu.5207
**Description**
The firmware uses hard-coded credentials stored in the file /squashfs-root/web_cste/cgi-bin/product.ini, which belongs to the Telnet Service component. A remote attacker can use these credentials to gain unauthorized access to the service, and the attack can be launched remotely.
**Recommendations**
For TOTOLINK T10 AC1200 version 4.1.8cu.5207, consider disabling the Telnet Service until a patch is available, so that the hard-coded credentials cannot be exploited. Restrict access to the /squashfs-root/web_cste/cgi-bin/product.ini file to minimize the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
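The following is an added example, not part of the original advisory and not vendor tooling: a defender-side audit that walks an extracted firmware root (such as a `squashfs-root` directory) and flags configuration files that hold credential-like keys with literal values, which is the weakness class described above. The key-name pattern and the file extensions are assumptions for illustration; the advisory does not list the contents of product.ini.

```python
import os
import re

# Heuristic for key names that tend to hold credentials or remote-shell settings.
# Assumption for illustration; not taken from the real product.ini.
SUSPECT_KEY = re.compile(r"pass|pwd|user|login|telnet", re.I)

def parse_ini_lenient(text):
    """Yield (section, key, value); tolerates files with no [section] header."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        if "=" in line:
            key, value = line.split("=", 1)
            yield section, key.strip(), value.strip().strip("\"'")

def audit_firmware_root(root):
    """Return findings for credential-like keys that carry a non-empty value."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".ini", ".conf", ".cfg")):
                continue
            path = os.path.join(dirpath, name)
            if os.path.islink(path):  # extracted images often contain dangling links
                continue
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue
            for section, key, value in parse_ini_lenient(text):
                if value and SUSPECT_KEY.search(key):
                    findings.append({
                        "file": os.path.relpath(path, root),
                        "section": section,
                        "key": key,
                        "value_len": len(value),  # report length only, never the secret
                    })
    return findings
```

Run `audit_firmware_root()` against each firmware image you unpack, so that a later release can be checked for the same class of issue before it is deployed.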