PT-2024-6512 · Totolink · Totolink T10 Ac1200
Rohitburke · Published 2024-08-26 · Updated 2024-08-30 · CVE-2024-8162
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TOTOLINK T10 AC1200 version 4.1.8cu.5207
Description
The Telnet Service component uses hard-coded credentials stored in the file /squashfs-root/web cste/cgi-bin/product.ini. A remote attacker can use these credentials to gain unauthorized access to the service. The attack can be launched remotely.
Recommendations
For TOTOLINK T10 AC1200 version 4.1.8cu.5207, consider disabling the Telnet Service until a patch is available, to prevent exploitation of the hard-coded credentials. Restrict access to the /squashfs-root/web cste/cgi-bin/product.ini file to minimize the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Totolink T10 Ac1200