| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2024-7332 | 1 Aug 2024 03:42 | – | circl |
| TOTOLINK CP450 Security Vulnerability | 1 Aug 2024 00:00 | – | cnnvd |
| TOTOLINK CP450 Hardcoding Vulnerability | 1 Aug 2024 00:00 | – | cnvd |
| CVE-2024-7332 | 1 Aug 2024 00:31 | – | cve |
| CVE-2024-7332 TOTOLINK CP450 Telnet Service product.ini hard-coded password | 1 Aug 2024 00:31 | – | cvelist |
| CVE-2024-7332 | 1 Aug 2024 01:15 | – | nvd |
| CVE-2024-7332 | 1 Aug 2024 01:15 | – | osv |
| PT-2024-38273 · Totolink · Totolink Cp450 | 1 Aug 2024 00:00 | – | ptsecurity |
| CVE-2024-7332 | 5 Feb 2025 12:00 | – | redhatcve |
| CVE-2024-7332 TOTOLINK CP450 Telnet Service product.ini hard-coded password | 1 Aug 2024 00:31 | – | vulnrichment |

```yaml
id: CVE-2024-7332

info:
  name: TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability
  author: s4e-io
  severity: critical
  description: |
    A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747_B20191224. This vulnerability affects an unknown part of the file /web_cste/cgi-bin/product.ini of the Telnet Service component. The issue stems from the use of a hard-coded password, which can be exploited remotely without any user interaction.
  impact: |
    Unauthenticated attackers can retrieve hard-coded credentials from the accessible product.ini file, enabling complete device compromise through Telnet service access with administrative privileges.
  remediation: |
    Contact TOTOLINK for security updates addressing the hard-coded password vulnerability in CP450 firmware version 4.1.0cu.747_B20191224, or implement network segmentation to restrict access.
  reference:
    - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP450/product.md
    - https://nvd.nist.gov/vuln/detail/CVE-2024-7332
    - https://cvefeed.io/vuln/detail/CVE-2024-7332
    - https://www.tenable.com/cve/CVE-2024-7332
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-7332
    cwe-id: CWE-259
    epss-score: 0.20737
    epss-percentile: 0.97227
    cpe: cpe:2.3:a:totolink:cp450:4.1.0cu.747_b20191224:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: totolink
    product: cp450_firmware
    fofa-query: title="totolink"
  tags: cve,cve2024,totolink,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/web_cste/cgi-bin/product.ini"

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"[PRODUCT]","[WLAN]","HostName")'
          - "status_code == 200"
        condition: and
# digest: 4a0a00473045022100c45baad07a47a7ada15d3358a5702597d68d69361b42a34317f451cf4be8c3a50220486a4faa0d2404c3ef9a7d190ed59a1519e4274b5e09314f51f471614a4f5dad:922c64590222798bb761d5b6d8e72950
```