Skip to main content

Cp450 Firmware CVE-2024-34219

HIGH
Use of Hard-coded Credentials (CWE-798)
2024-05-14 cve@mitre.org
8.6
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
May 14, 2024 - 15:38 cve.org
HIGH 8.6

DescriptionCVE.org

TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet.

AnalysisAI

TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet. Affected products include: Totolink Cp450 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.

CVE-2024-34213 CRITICAL POC
9.8 May 14

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForw

CVE-2024-34209 CRITICAL POC
9.8 May 14

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFi

CVE-2024-34204 CRITICAL POC
9.8 May 14

TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the set

CVE-2024-7332 CRITICAL POC
9.3 Aug 01

A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Rated critical severity (CVSS 9.3), this vulnerabilit

CVE-2024-34211 HIGH POC
8.8 May 14

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample

CVE-2024-34207 HIGH POC
8.8 May 14

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDh

CVE-2024-34200 HIGH POC
8.8 May 14

TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQo

CVE-2024-7465 HIGH POC
8.7 Aug 05

A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Rated high severit

CVE-2024-34217 HIGH POC
7.7 May 14

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfil

CVE-2024-34215 HIGH POC
7.3 May 14

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilte

CVE-2024-34212 HIGH POC
7.3 May 14

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunu

CVE-2024-34210 HIGH POC
7.3 May 14

TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the Clo

Share

CVE-2024-34219 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy