PT-2022-4464 · Totolink · Totolink A810R

Whiter6666 · Published 2022-08-28 · Updated 2022-09-01 · CVE-2022-36616

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: TOTOLINK A810R versions V4.1.2cu.5182 B20201026 through V5.9c.4050 B20190424
Description: The vulnerability stems from a hardcoded password for the root user stored in /etc/shadow.sample in the TOTOLINK A810R router's firmware. Because these predefined credentials ship with the firmware, a remote attacker could use them to elevate their privileges.
Recommendations: For versions V4.1.2cu.5182 B20201026 and V5.9c.4050 B20190424, change the hardcoded root password in /etc/shadow.sample to a unique, strong password. As a temporary workaround, restrict access to /etc/shadow.sample until a patch is available, and avoid using the default root credentials in the affected firmware versions until the issue is resolved.

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

BDU:2022-05330
CVE-2022-36616

Affected Products

Totolink A810R