{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7216", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-07-29T18:17:45.931Z", "datePublished": "2024-07-30T04:00:05.592Z", "dateUpdated": "2024-08-01T21:52:31.490Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-07-30T04:00:05.592Z"}, "title": "TOTOLINK LR1200 shadow.sample hard-coded password", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-259", "lang": "en", "description": "CWE-259 Use of Hard-coded Password"}]}], "affected": [{"vendor": "TOTOLINK", "product": "LR1200", "versions": [{"version": "9.3.1cu.2832", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic. This affects an unknown part of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in TOTOLINK LR1200 9.3.1cu.2832 ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /etc/shadow.sample. Durch das Beeinflussen mit unbekannten Daten kann eine use of hard-coded password-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.1, "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "LOW"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.6, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.6, "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.4, "vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N"}}], "timeline": [{"time": "2024-07-29T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-07-29T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-07-29T20:23:00.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "yhryhryhr_miemie (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.272787", "name": "VDB-272787 | TOTOLINK LR1200 shadow.sample hard-coded password", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.272787", "name": "VDB-272787 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.378331", "name": "Submit #378331 | TOTOLINK LR1200 V9.3.1cu.2832 Use of Hard-coded Password", "tags": ["third-party-advisory"]}, {"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/LR1200/shadow.md", "tags": ["exploit"]}]}, "adp": [{"affected": [{"vendor": "totolink", "product": "lr1200_firmware", "cpes": ["cpe:2.3:o:totolink:lr1200_firmware:9.3.1cu.2832:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.3.1cu.2832", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-30T14:20:40.359345Z", "id": "CVE-2024-7216", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T14:48:20.468Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:52:31.490Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.272787", "name": "VDB-272787 | TOTOLINK LR1200 shadow.sample hard-coded password", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.272787", "name": "VDB-272787 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.378331", "name": "Submit #378331 | TOTOLINK LR1200 V9.3.1cu.2832 Use of Hard-coded Password", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/LR1200/shadow.md", "tags": ["exploit", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.272787", "name": "VDB-272787 | TOTOLINK LR1200 shadow.sample hard-coded password", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.272787", "name": "VDB-272787 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.378331", "name": "Submit #378331 | TOTOLINK LR1200 V9.3.1cu.2832 Use of Hard-coded Password", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/LR1200/shadow.md", "tags": ["exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:52:31.490Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7216", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-30T14:20:40.359345Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:totolink:lr1200_firmware:9.3.1cu.2832:*:*:*:*:*:*:*"], "vendor": "totolink", "product": "lr1200_firmware", "versions": [{"status": "affected", "version": "9.3.1cu.2832"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T14:48:07.096Z"}}], "cna": {"title": "TOTOLINK LR1200 shadow.sample hard-coded password", "credits": [{"lang": "en", "type": "reporter", "value": "yhryhryhr_miemie (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.1, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.6, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.6, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.4, "vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N"}}], "affected": [{"vendor": "TOTOLINK", "product": "LR1200", "versions": [{"status": "affected", "version": "9.3.1cu.2832"}]}], "timeline": [{"lang": "en", "time": "2024-07-29T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-07-29T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-07-29T20:23:00.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.272787", "name": "VDB-272787 | TOTOLINK LR1200 shadow.sample hard-coded password", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.272787", "name": "VDB-272787 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.378331", "name": "Submit #378331 | TOTOLINK LR1200 V9.3.1cu.2832 Use of Hard-coded Password", "tags": ["third-party-advisory"]}, {"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/LR1200/shadow.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic. This affects an unknown part of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in TOTOLINK LR1200 9.3.1cu.2832 ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /etc/shadow.sample. Durch das Beeinflussen mit unbekannten Daten kann eine use of hard-coded password-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-259", "description": "CWE-259 Use of Hard-coded Password"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-07-30T04:00:05.592Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7216", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:52:31.490Z", "dateReserved": "2024-07-29T18:17:45.931Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-07-30T04:00:05.592Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:totolink:lr1200_firmware:9.3.1cu.2832:*:*:*:*:*:*:*", "matchCriteriaId": "64C09FF7-B671-4B76-87BD-078F96ED06DF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:totolink:lr1200:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E5FD932-A495-4413-9222-11E66C1135BD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic. This affects an unknown part of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en TOTOLINK LR1200 9.3.1cu.2832. Ha sido clasificada como problem\u00e1tica. Esto afecta a una parte desconocida del archivo /etc/shadow.sample. La manipulaci\u00f3n conduce al uso de una contrase\u00f1a codificada. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-272787. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2024-7216", "lastModified": "2024-11-21T09:51:06.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 1.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 2.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "ADJACENT", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "NONE"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-07-30T04:15:04.690", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/LR1200/shadow.md"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.272787"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.272787"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?submit.378331"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/LR1200/shadow.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.272787"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.272787"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?submit.378331"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-259"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{}