Skip to main content

A720R Firmware CVE-2022-36610

HIGH
Use of Hard-coded Credentials (CWE-798)
2022-08-29 cve@mitre.org
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 29, 2022 - 00:15 nvd
HIGH 7.8

DescriptionNVD

TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

AnalysisAI

TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Affected products include: Totolink A720R Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.

CVE-2021-35327 CRITICAL POC
9.8 Aug 05

A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, th

CVE-2021-35324 CRITICAL POC
9.8 Aug 05

A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to b

CVE-2021-27710 CRITICAL POC
9.8 Apr 14

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmwar

CVE-2021-27708 CRITICAL POC
9.8 Apr 14

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmwar

CVE-2025-60683 MEDIUM POC
6.5 Nov 13

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf

CVE-2022-36456 HIGH POC
7.8 Aug 25

TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username param

CVE-2021-35326 HIGH POC
7.5 Aug 05

A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configura

CVE-2021-35325 HIGH POC
7.5 Aug 05

A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers

CVE-2022-38535 HIGH POC
7.2 Sep 15

TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCf

CVE-2022-38534 HIGH POC
7.2 Sep 15

TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg

CVE-2025-4270 MEDIUM POC
6.9 May 05

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. Rated medium severity (CVSS 6.9), this vulnerability is remotel

CVE-2025-4269 MEDIUM POC
6.9 May 05

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical.cgi of the component Log Handler. Rat

Share

CVE-2022-36610 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy