PT-2023-15556 · Totolink · Totolink A830R
Published
2023-01-27
·
Updated
2025-03-28
·
CVE-2022-48067
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Totolink A830R version 4.1.2cu.5182
Description
The issue allows attackers to obtain the root password via a brute-force attack, potentially leading to information disclosure.
Recommendations
For Totolink A830R version 4.1.2cu.5182, consider changing the root password to a strong and unique one to minimize the risk of exploitation. As a temporary workaround, restrict access to the device to prevent brute-force attacks until a patch is available.
Exploit
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Totolink A830R