PT-2022-6265 · Totolink · Totolink N200Re V5

Wenyi Li · Published 2022-12-23 · Updated 2025-03-26 · CVE-2022-48113

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TOTOLINK N200RE V5 versions prior to the fixed version

Description

The issue is related to the use of hardcoded credentials in the Telnet service of the TOTOLINK N200RE V5 router firmware, which allows unauthorized access to sensitive information. An attacker can exploit this by sending a specially crafted POST request to gain access to the telnet service and login as root using the hardcoded credentials.

Recommendations

For TOTOLINK N200RE V5 versions prior to the fixed version, consider disabling the telnet service until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the router's administrative interface to minimize the risk of unauthorized access. Avoid using the hardcoded credentials in the telnet service until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2023-00680
CVE-2022-48113

Affected Products

Totolink N200Re V5