PT-2022-25214 · Totolink · Totolink A3002Ru
Published: 2022-09-06 · Updated: 2022-09-09 · CVE-2022-40111
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TOTOLINK A3002R version TOTOLINK-A3002R-He-V1.1.1-B20200824.0128
Description
The firmware ships a shadow.sample file that contains hardcoded credentials for the root user. This could allow unauthorized access to the device.
Recommendations
For TOTOLINK A3002R version TOTOLINK-A3002R-He-V1.1.1-B20200824.0128, replace the hardcoded root password in the shadow.sample file with a unique, strong password. Additionally, restrict access to the shadow.sample file to reduce the risk of exploitation. At the time of writing, no newer version containing a fix for this vulnerability is known.
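The following audit script is an added example, not code from the advisory or from the vendor. It parses shadow-format entries from an extracted firmware image and flags the condition described above: a root entry carrying a usable password hash, or any account with no password at all. The shadow.sample content and the hash strings in it are constructed placeholders, not real credentials.

```python
"""Audit shadow-format files from an extracted firmware image for hardcoded
root credentials (the weakness class behind CVE-2022-40111). Added example,
not code from the advisory or the vendor; the sample file content is
constructed and the hash strings in it are not real credentials."""
import re

# crypt(3) hash prefix -> algorithm name; a 13-character field with no
# '$' prefix is legacy DES crypt.
HASH_ALGOS = {"$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
              "$y$": "yescrypt", "$2a$": "bcrypt", "$2b$": "bcrypt"}

def classify_password_field(field: str) -> str:
    """Return 'locked', 'empty' (no password required), or the hash algorithm."""
    if field in ("*", "*LK*") or field.startswith("!"):
        return "locked"
    if field == "":
        return "empty"
    for prefix, name in HASH_ALGOS.items():
        if field.startswith(prefix):
            return name
    return "descrypt" if re.fullmatch(r"[./0-9A-Za-z]{13}", field) else "unknown"

def audit_shadow(text: str, path: str = "shadow.sample") -> list:
    """Return one (path, line, user, reason) finding per account that would
    accept a login with a credential baked into the image: root with a
    hash of any kind, or any account whose password field is empty."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            findings.append((path, lineno, fields[0], "malformed entry"))
            continue
        user, pw = fields[0], fields[1]
        kind = classify_password_field(pw)
        if kind == "empty":
            findings.append((path, lineno, user, "no password required"))
        elif kind != "locked" and user == "root":
            findings.append((path, lineno, user, f"hardcoded {kind} hash"))
    return findings

# Constructed shadow.sample contents; the root hash is a placeholder.
SAMPLE = """root:$1$xyz$CONSTRUCTEDPLACEHOLDERHASH0:18500:0:99999:7:::
daemon:*:18500:0:99999:7:::
admin::18500:0:99999:7:::
nobody:!:18500:0:99999:7:::
"""

if __name__ == "__main__":
    for finding in audit_shadow(SAMPLE):
        print("%s:%d %s -> %s" % finding)
```

Run it over every shadow, shadow.sample or shadow- file found under the extracted root filesystem; after applying the recommended fix, a locked or freshly set root entry should no longer be reported as a hardcoded hash.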
Weakness Enumeration
Using Hardcoded Credentials
Related Identifiers
CVE-2022-40111
Affected Products
Totolink A3002Ru