CVE-2023-24147

Name of the Vulnerable Software and Affected Versions TOTOLINK CA300-PoE version 6.2c.884

Description The issue is related to the use of hardcoded credentials in the /etc/config/product.ini component of the TOTOLINK CA300-PoE router's firmware. This could allow a remote attacker to disclose sensitive information. The hardcoded password is specifically for the telnet service.

Recommendations For TOTOLINK CA300-PoE version 6.2c.884, consider changing the hardcoded password for the telnet service as a temporary workaround until a patch is available. Restrict access to the telnet service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.