PT-2023-9015 · Totolink · Totolink N200Re

Lin7Lic · Published 2023-05-18 · Updated 2024-05-17 · CVE-2023-2790

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

TOTOLINK N200RE version 9.3.5u.6255 B20211224

Description

A problematic vulnerability has been found in the Telnet Service component of the TOTOLINK N200RE, affecting an unknown function of the file /squashfs-root/etc ro/custom.conf. The manipulation leads to exposure of passwords in the configuration file. This issue can be exploited locally. The vulnerability is related to the use of an unstable cryptographic algorithm in configuration files, which may allow an attacker to gain unauthorized access to protected information.

Recommendations

For TOTOLINK N200RE version 9.3.5u.6255 B20211224, consider disabling the Telnet Service or restricting access to the /squashfs-root/etc ro/custom.conf file as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2024-03019
CVE-2023-2790

Affected Products

Totolink N200Re