PT-2022-17042 · Totolink · Totolink Ex1200T+1

Published

2022-03-30

Updated

2022-04-05

CVE-2022-25008

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions totolink EX300 v2 version 4.0.3c.140 B20210429 totolink EX1200T version 4.1.2cu.5230 B20210706

Description The issue is related to the lack of an authentication mechanism in the affected devices.

Recommendations For totolink EX300 v2 version 4.0.3c.140 B20210429, consider implementing an external authentication mechanism until a patch is available. For totolink EX1200T version 4.1.2cu.5230 B20210706, consider implementing an external authentication mechanism until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2022-25008

Affected Products

Totolink Ex1200T

Totolink Ex300 V2

PT-2022-17042 · Totolink · Totolink Ex1200T+1

CVE-2022-25008

Weakness Enumeration

Related Identifiers

Affected Products

References · 4