A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. This issue affects some unknown…
VulDB·CWE-259·Published 2024-07-28
Eine Schwachstelle wurde in TOTOLINK A3600R 4.1.2cu.5182_B20201102 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /web_cste/cgi-bin/product.ini der Komponente Telnet Service. Durch Manipulation mit unbekannten Daten kann eine use of hard-coded password-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung.
A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier VDB-272573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier VDB-272573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Se encontró una vulnerabilidad en TOTOLINK A3600R 4.1.2cu.5182_B20201102. Ha sido calificada como crítica. Este problema afecta un procesamiento desconocido del archivo /web_cste/cgi-bin/product.ini del componente Telnet Service. La manipulación conduce al uso de una contraseña codificada. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-272573. NOTA: Se contactó al proveedor tempranamente sobre esta divulgación, pero no respondió de ninguna manera.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | cve.org | 4.9 | — | — | AV:A/AC:M/Au:S/C:P/I:P/A:P |
| 2.0 | Primary | cve.org | 4.9 | — | — | AV:A/AC:M/Au:S/C:P/I:P/A:P |
| 2.0 | Secondary | NVD | 4.9 | 4.4 | 6.4 | AV:A/AC:M/Au:S/C:P/I:P/A:P |
| 3.0 | Primary | cve.org | 5.5 | — | — | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| 3.0 | Primary | cve.org | 5.5 | — | — | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| 3.1 | Primary | NVD | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | Primary | cve.org | 5.5 | — | — | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| 3.1 | Primary | cve.org | 5.5 | — | — | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| 3.1 | Secondary | NVD | 5.5 | 2.1 | 3.4 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| 4.0 | Primary | cve.org | 5.1 | — | — | CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| 4.0 | Primary | cve.org | 5.1 | — | — | CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| 4.0 | Secondary | NVD | 5.1 | — | — | CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |