PT-2024-38116 · Totolink · Totolink A3700R
Yhryhryhr_Tu
Published: 2024-07-28 · Updated: 2024-08-08
CVE-2024-7154
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
TOTOLINK A3700R version 9.1.2u.5822 B20200513
Description
An issue was found in the Password Reset Handler component, specifically in the /wizard.html file, that results in improper access controls. The attack can be launched remotely. The issue has been publicly disclosed and may be exploited.
Recommendations
For TOTOLINK A3700R version 9.1.2u.5822 B20200513, consider restricting access to the Password Reset Handler component, specifically the /wizard.html file, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Improper Access Control
Missing Authentication
Related Identifiers
Affected Products
Totolink A3700R