Search criteria

4 vulnerabilities found for CP450 by TOTOLINK

CVE-2026-15271 (GCVE-0-2026-15271)

Vulnerability from cvelistv5 – Published: 2026-07-09 21:30 – Updated: 2026-07-10 13:37
VLAI?
Title
TOTOLINK EX200 Web boa.conf least privilege violation
Summary
A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege violation. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult.
CWE
  • CWE-272 - Least Privilege Violation
  • CWE-266 - Incorrect Privilege Assignment
Assigner
Impacted products
Vendor Product Version
TOTOLINK A3000RU Affected: 20260906
    cpe:2.3:a:totolink:a3000ru:*:*:*:*:*:*:*:*
Create a notification for this product.
    TOTOLINK A3100R Affected: 20260906
    cpe:2.3:a:totolink:a3100r:*:*:*:*:*:*:*:*
Create a notification for this product.
    TOTOLINK A950RG Affected: 20260906
    cpe:2.3:a:totolink:a950rg:*:*:*:*:*:*:*:*
Create a notification for this product.
    TOTOLINK AC1200T10 Affected: 20260906
    cpe:2.3:a:totolink:ac1200t10:*:*:*:*:*:*:*:*
Create a notification for this product.
    TOTOLINK CP450 Affected: 20260906
    cpe:2.3:a:totolink:cp450:*:*:*:*:*:*:*:*
Create a notification for this product.
    TOTOLINK CS185R_T10 Affected: 20260906
    cpe:2.3:a:totolink:cs185r_t10:*:*:*:*:*:*:*:*
Create a notification for this product.
    TOTOLINK EX200 Affected: 20260906
    cpe:2.3:a:totolink:ex200:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
L-14 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-15271",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-10T13:37:19.484529Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-10T13:37:52.501Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:totolink:a3000ru:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Web Interface"
          ],
          "product": "A3000RU",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "20260906"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:totolink:a3100r:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Web Interface"
          ],
          "product": "A3100R",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "20260906"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:totolink:a950rg:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Web Interface"
          ],
          "product": "A950RG",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "20260906"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:totolink:ac1200t10:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Web Interface"
          ],
          "product": "AC1200T10",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "20260906"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:totolink:cp450:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Web Interface"
          ],
          "product": "CP450",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "20260906"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:totolink:cs185r_t10:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Web Interface"
          ],
          "product": "CS185R_T10",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "20260906"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:totolink:ex200:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Web Interface"
          ],
          "product": "EX200",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "20260906"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "L-14 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege violation. The attack may be initiated remotely. The attack\u0027s complexity is rated as high. The exploitation is known to be difficult."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.1,
            "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C/E:ND/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-272",
              "description": "Least Privilege Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-09T21:30:10.629Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-377214 | TOTOLINK EX200 Web boa.conf least privilege violation",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/vuln/377214"
        },
        {
          "name": "VDB-377214 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/377214/cti"
        },
        {
          "name": "CVE-2026-15271 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-15271"
        },
        {
          "name": "Submit #852316 | TOTOLink A3000RU A3000RU V5.9c.5185 Misconfiguration in A3000RU",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/852316"
        },
        {
          "name": "Submit #852317 | TOTOLink A3100R A3100R V4.1.2cu.5050 Misconfiguration in A3100R (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/852317"
        },
        {
          "name": "Submit #852318 | TOTOLink AC1200T10 V2 AC1200T10 V2 V4.1.8cu.5207 Misconfiguration in AC1200T10 V2 (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/852318"
        },
        {
          "name": "Submit #852319 | TOTOLink CP450 CP450 V4.1.0cu.747 Misconfiguration in CP450 (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/852319"
        },
        {
          "name": "Submit #852320 | TOTOLink CS185R_T10 CS185R_T10 V5.9c.1485 Misconfiguration in CS185R_T10 (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/852320"
        },
        {
          "name": "Submit #852321 | TOTOLink EX200 EX200 V4.0.3c.7646 Misconfiguration in EX200 (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/852321"
        },
        {
          "name": "Submit #852323 | TOTOLink A950RG A950RG V5.9c.4592 Misconfiguration in A950RG (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/852323"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://app.notion.com/p/A3000RU-V5-9c-5185-37a1f5ba989080d38bb6ca58b2a98c64?source=copy_link"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.totolink.net/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-09T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-09T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-09T16:58:55.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TOTOLINK EX200 Web boa.conf least privilege violation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-15271",
    "datePublished": "2026-07-09T21:30:10.629Z",
    "dateReserved": "2026-07-09T14:50:16.412Z",
    "dateUpdated": "2026-07-10T13:37:52.501Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-11554 (GCVE-0-2026-11554)

Vulnerability from cvelistv5 – Published: 2026-06-08 17:30 – Updated: 2026-06-09 12:33
VLAI?
Title
TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation
Summary
A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CWE
  • CWE-272 - Least Privilege Violation
  • CWE-266 - Incorrect Privilege Assignment
Assigner
Impacted products
Vendor Product Version
TOTOLINK CP450 Affected: 4.1.0cu.747
    cpe:2.3:o:totolink:cp450_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
L-14 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-11554",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T12:33:01.164712Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-09T12:33:55.771Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:totolink:cp450_firmware:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "vsftpd"
          ],
          "product": "CP450",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "4.1.0cu.747"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "L-14 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-272",
              "description": "Least Privilege Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-08T17:30:11.745Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-369164 | TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/vuln/369164"
        },
        {
          "name": "VDB-369164 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/369164/cti"
        },
        {
          "name": "CVE-2026-11554 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-11554"
        },
        {
          "name": "Submit #834821 | TOTOLink CP450 V4.1.0cu.747 Misconfiguration",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/834821"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://www.notion.so/TOTOLink-CP450-V4-1-0cu-747-3671f5ba989080c3b39ac3984d2ff44d?source=copy_link"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.totolink.net/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-06-08T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-06-08T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-06-08T07:50:39.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-11554",
    "datePublished": "2026-06-08T17:30:11.745Z",
    "dateReserved": "2026-06-08T05:45:35.473Z",
    "dateUpdated": "2026-06-09T12:33:55.771Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-7465 (GCVE-0-2024-7465)

Vulnerability from cvelistv5 – Published: 2024-08-05 01:31 – Updated: 2024-08-05 10:20
VLAI?
Title
TOTOLINK CP450 cstecgi.cgi loginauth buffer overflow
Summary
A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Affected is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273558 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CWE
Assigner
References
Impacted products
Vendor Product Version
TOTOLINK CP450 Affected: 4.1.0cu.747_B20191224
Create a notification for this product.
Credits
yhryhryhr_tu (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:totolink:cp450_firmware:4.1.0cu.747_b20191224:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cp450_firmware",
            "vendor": "totolink",
            "versions": [
              {
                "status": "affected",
                "version": "4.1.0cu.747_B20191224"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7465",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-05T10:15:51.277977Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:20:55.103Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CP450",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "4.1.0cu.747_B20191224"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "yhryhryhr_tu (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Affected is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273558 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in TOTOLINK CP450 4.1.0cu.747_B20191224 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion loginauth der Datei /cgi-bin/cstecgi.cgi. Durch Beeinflussen des Arguments http_host mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-05T01:31:04.318Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-273558 | TOTOLINK CP450 cstecgi.cgi loginauth buffer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.273558"
        },
        {
          "name": "VDB-273558 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.273558"
        },
        {
          "name": "Submit #381340 | TOTOLINK CP450 v4.1.0cu.747_B20191224 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.381340"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP450/loginauth.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-08-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-08-04T10:21:05.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TOTOLINK CP450 cstecgi.cgi loginauth buffer overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7465",
    "datePublished": "2024-08-05T01:31:04.318Z",
    "dateReserved": "2024-08-04T08:15:52.935Z",
    "dateUpdated": "2024-08-05T10:20:55.103Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7332 (GCVE-0-2024-7332)

Vulnerability from cvelistv5 – Published: 2024-08-01 00:31 – Updated: 2024-08-06 19:35
VLAI?
Title
TOTOLINK CP450 Telnet Service product.ini hard-coded password
Summary
A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CWE
  • CWE-259 - Use of Hard-coded Password
Assigner
Impacted products
Vendor Product Version
TOTOLINK CP450 Affected: 4.1.0cu.747_B20191224
Create a notification for this product.
Credits
yhryhryhr_miemie (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:totolink:cp450_firmware:4.1.0cu.747_b20191224:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cp450_firmware",
            "vendor": "totolink",
            "versions": [
              {
                "status": "affected",
                "version": "4.1.0cu.747_b20191224"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7332",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-06T19:29:22.987905Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:35:53.846Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Telnet Service"
          ],
          "product": "CP450",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "4.1.0cu.747_B20191224"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "yhryhryhr_miemie (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in TOTOLINK CP450 4.1.0cu.747_B20191224 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /web_cste/cgi-bin/product.ini der Komponente Telnet Service. Durch Manipulation mit unbekannten Daten kann eine use of hard-coded password-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 10,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "CWE-259 Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-01T00:31:04.452Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-273255 | TOTOLINK CP450 Telnet Service product.ini hard-coded password",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.273255"
        },
        {
          "name": "VDB-273255 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.273255"
        },
        {
          "name": "Submit #378357 | TOTOLINK CP450 v4.1.0cu.747_B20191224 Use of Hard-coded Password",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.378357"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP450/product.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-31T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-07-31T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-07-31T14:35:37.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TOTOLINK CP450 Telnet Service product.ini hard-coded password"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7332",
    "datePublished": "2024-08-01T00:31:04.452Z",
    "dateReserved": "2024-07-31T12:30:11.013Z",
    "dateUpdated": "2024-08-06T19:35:53.846Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}