Lucene search
K

TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability

🗓️ 02 Jul 2026 09:36:57Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 39 Views

TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability. Critical vulnerability in TOTOLINK CP450 version 4.1.0cu.747_B20191224 allows remote exploitation via hard-coded password in /web_cste/cgi-bin/product.ini

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2024-7332
1 Aug 202403:42
circl
CNNVD
TOTOLINK CP450 安全漏洞
1 Aug 202400:00
cnnvd
CNVD
TOTOLINK CP450 Hardcoding Vulnerability
1 Aug 202400:00
cnvd
CVE
CVE-2024-7332
1 Aug 202400:31
cve
Cvelist
CVE-2024-7332 TOTOLINK CP450 Telnet Service product.ini hard-coded password
1 Aug 202400:31
cvelist
NVD
CVE-2024-7332
1 Aug 202401:15
nvd
OSV
CVE-2024-7332
1 Aug 202401:15
osv
Positive Technologies
PT-2024-38273 · Totolink · Totolink Cp450
1 Aug 202400:00
ptsecurity
RedhatCVE
CVE-2024-7332
5 Feb 202512:00
redhatcve
Vulnrichment
CVE-2024-7332 TOTOLINK CP450 Telnet Service product.ini hard-coded password
1 Aug 202400:31
vulnrichment
Rows per page
id: CVE-2024-7332

info:
  name: TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability
  author: s4e-io
  severity: critical
  description: |
    A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747_B20191224. This vulnerability affects an unknown part of the file /web_cste/cgi-bin/product.ini of the Telnet Service component. The issue stems from the use of a hard-coded password, which can be exploited remotely without any user interaction.
  impact: |
    Unauthenticated attackers can retrieve hard-coded credentials from the accessible product.ini file, enabling complete device compromise through Telnet service access with administrative privileges.
  remediation: |
    Contact TOTOLINK for security updates addressing the hard-coded password vulnerability in CP450 firmware version 4.1.0cu.747_B20191224, or implement network segmentation to restrict access.
  reference:
    - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP450/product.md
    - https://nvd.nist.gov/vuln/detail/CVE-2024-7332
    - https://cvefeed.io/vuln/detail/CVE-2024-7332
    - https://www.tenable.com/cve/CVE-2024-7332
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-7332
    cwe-id: CWE-259
    epss-score: 0.20737
    epss-percentile: 0.97225
    cpe: cpe:2.3:a:totolink:cp450:4.1.0cu.747_b20191224:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: totolink
    product: cp450_firmware
    fofa-query: title="totolink"
  tags: cve,cve2024,totolink,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/web_cste/cgi-bin/product.ini"

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"[PRODUCT]","[WLAN]","HostName")'
          - "status_code == 200"
        condition: and
# digest: 4a0a00473045022100c45baad07a47a7ada15d3358a5702597d68d69361b42a34317f451cf4be8c3a50220486a4faa0d2404c3ef9a7d190ed59a1519e4274b5e09314f51f471614a4f5dad:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.1High risk
Vulners AI Score7.1
CVSS 3.19.8
CVSS 49.3
CVSS 210
CVSS 39.8
EPSS0.20737
SSVC
39