← Back

CVE-2024-8580

nvd nist
Published: Sep 8, 2024Modified: Sep 10, 2024

JSON object

Loading...
9.2
Vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: CNA (Secondary)

Description

A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Totolink
1 product
T8 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
T8 Firmware
Version 4.1.5cu.861_b20230220
Running on/withPlatform Versions
Totolink
T8
All versions

Related CWEs

CWE-259
Use of Hard-coded Password
The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

References (5)

Source: cna@vuldb.com
ExploitThird Party Advisory
Source: cna@vuldb.com
Permissions Required
Source: cna@vuldb.com
Permissions RequiredThird Party Advisory
Source: cna@vuldb.com
Third Party AdvisoryVDB Entry
Source: cna@vuldb.com
Product

Timeline

No history available yet.