CVE-2024-7170

Name of the Vulnerable Software and Affected Versions TOTOLINK A3000RU version 5.9c.5185

Description A problem was found in the processing of the file /web cste/cgi-bin/product.ini, which leads to the use of a hard-coded password. The issue has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond.

Recommendations For version 5.9c.5185, as a temporary workaround, consider restricting access to the /web cste/cgi-bin/product.ini file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.