PT-2022-19749 · Totolink · Totolink A3100R

Published

2022-05-18

Updated

2022-05-26

CVE-2022-29645

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions TOTOLINK A3100R version V4.1.2cu.5050 B20200504 TOTOLINK A3100R version V4.1.2cu.5247 B20211129

Description A hard-coded password for the root user is stored in the /etc/shadow.sample component. This issue affects TOTOLINK A3100R devices.

Recommendations For TOTOLINK A3100R version V4.1.2cu.5050 B20200504, consider changing the root password to a unique and secure value. For TOTOLINK A3100R version V4.1.2cu.5247 B20211129, consider changing the root password to a unique and secure value. As a temporary workaround, restrict access to the /etc/shadow.sample component to minimize the risk of exploitation.

Exploit

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2022-29645

Affected Products

Totolink A3100R

PT-2022-19749 · Totolink · Totolink A3100R

CVE-2022-29645

Weakness Enumeration

Related Identifiers

Affected Products

References · 4