CVE-2024-7332 : TOTOLINK CP450 4.1.0CU.747_B20191224 TELNET SERVICE PRODUCT.INI HARD-CODED PASSWORD

Description

A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References

VDB-273255 | TOTOLINK CP450 Telnet Service product.ini hard-coded password

VDB-273255 | CTI Indicators (IOB, IOC, TTP, IOA)

TOTOLINK CP450 v4.1.0cu.747_B20191224 Use of Hard-coded Password

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP450/product.md

For More Information

CVERecord

Contact us to get started

CVE-2024-20418 : CISCO IOS XE CONTROLLER WEB-BASED MANAGEMENT INTERFACE COMMAND INJECTION

Description A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB)

Learn more

CVE-2024-20536 : CISCO DATA CENTER NETWORK MANAGER 12.1.2E/12.1.2P/12.1.3B WEB-BASED MANAGEMENT INTERFACE/REST API ENDPOINT SQL INJECTION

Description A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could

Learn more

CVE-2024-50340 : SYMFONY INJECTION

Description symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the

Learn more