CVE-2022-34993
CRITICALTotolink A3600R_Firmware V4.1.2cu.5182_B20201102 - Use of Hard-coded Credentials
Title source: llmDescription
Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample.
References (2)
Core 2
Core References
Product, Vendor Advisory x_refsource_misc
http://www.totolink.cn/home/menu/detail.html?menu_listtpl=download&id=63&ids=36image-20220606105532193
Exploit, Third Party Advisory x_refsource_misc
https://github.com/cilan2/iot/blob/main/1.md
Scores
CVSS v3
9.8
EPSS
0.0044
EPSS Percentile
63.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (1)
totolink/a3600r_firmware
4.1.2cu.5182_b20201102
Published
Aug 04, 2022
Tracked Since
Feb 18, 2026