PT-2024-38273 · Totolink · Totolink Cp450
Yhryhryhr_Miemie · Published 2024-08-01 · Updated 2024-08-13 · CVE-2024-7332
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
TOTOLINK CP450 version 4.1.0cu.747 B20191224
Description
A critical issue has been found in the Telnet Service component, in an unknown part of the file /web_cste/cgi-bin/product.ini. Manipulation leads to the use of a hard-coded password. The attack can be initiated remotely. The exploit has been publicly disclosed and may be used. Cybersecurity experts are closely monitoring this issue, and it poses a high risk of exploitation.
Recommendations
For TOTOLINK CP450 version 4.1.0cu.747 B20191224, as a temporary workaround, consider disabling the Telnet Service until a patch is available. Restrict access to the /web_cste/cgi-bin/product.ini file to minimize the risk of exploitation. Avoid using hard-coded passwords in the affected component. At the moment, there is no information about a newer version that contains a fix for this issue.
Using Hardcoded Credentials
Affected Products
Totolink Cp450