PT-2022-11738 · Totolink · Totolink Ex1200T

Published: 2022-06-03 · Updated: 2023-08-08 · CVE-2021-42893

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T version 4.1.2cu.5215

Description: The issue allows an attacker to obtain sensitive information, such as wifikey, without authorization through the getSysStatusCfg function.

Recommendations: For TOTOLINK EX1200T version 4.1.2cu.5215, as a temporary workaround, consider restricting access to the getSysStatusCfg function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Missing Authentication

Related Identifiers: CVE-2021-42893

Affected Products: Totolink Ex1200T