A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 09 Aug 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Totolink cp450
Weaknesses CWE-798
CPEs cpe:2.3:h:totolink:cp450:-:*:*:*:*:*:*:*
Vendors & Products Totolink cp450

Tue, 06 Aug 2024 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Totolink
Totolink cp450 Firmware
CPEs cpe:2.3:o:totolink:cp450_firmware:4.1.0cu.747_b20191224:*:*:*:*:*:*:*
Vendors & Products Totolink
Totolink cp450 Firmware
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2024-08-06T19:35:53.846Z

Reserved: 2024-07-31T12:30:11.013Z

Link: CVE-2024-7332

cve-icon Vulnrichment

Updated: 2024-08-06T19:35:26.639Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-01T01:15:09.663

Modified: 2024-08-09T13:55:52.587

Link: CVE-2024-7332

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.