A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic. This affects an unknown part of the file…
VulDB·CWE-259·Published 2024-07-30
Es wurde eine Schwachstelle in TOTOLINK LR1200 9.3.1cu.2832 ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /etc/shadow.sample. Durch das Beeinflussen mit unbekannten Daten kann eine use of hard-coded password-Schwachstelle ausgenutzt werden. Die Komplexität eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur öffentlichen Verfügung.
A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic. This affects an unknown part of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic. This affects an unknown part of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Se encontró una vulnerabilidad en TOTOLINK LR1200 9.3.1cu.2832. Ha sido clasificada como problemática. Esto afecta a una parte desconocida del archivo /etc/shadow.sample. La manipulación conduce al uso de una contraseña codificada. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es difícil. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-272787. NOTA: Se contactó al proveedor tempranamente sobre esta divulgación, pero no respondió de ninguna manera.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | cve.org | 1.4 | — | — | AV:A/AC:H/Au:S/C:P/I:N/A:N |
| 2.0 | Primary | cve.org | 1.4 | — | — | AV:A/AC:H/Au:S/C:P/I:N/A:N |
| 2.0 | Secondary | NVD | 1.4 | 2.5 | 2.9 | AV:A/AC:H/Au:S/C:P/I:N/A:N |
| 3.0 | Primary | cve.org | 2.6 | — | — | CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.0 | Primary | cve.org | 2.6 | — | — | CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | Primary | NVD | 5.3 | 1.6 | 3.6 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | Primary | cve.org | 2.6 | — | — | CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | Primary | cve.org | 2.6 | — | — | CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | Secondary | NVD | 2.6 | 1.2 | 1.4 | CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 4.0 | Primary | cve.org | 2.1 | — | — | CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
| 4.0 | Primary | cve.org | 2.1 | — | — | CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
| 4.0 | Secondary | NVD | 2.1 | — | — | CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |