CVE-2024-7155

LOW

TOTOLINK A3300R 17.0.0cu.557_B20221024 - Info Disclosure

Title source: llm

Description

A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4

Core References

Third Party Advisory vdb-entry

https://vuldb.com/?id.272569

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.272569

Third Party Advisory third-party-advisory

https://vuldb.com/?submit.377465

Exploit exploit

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3300R/shadow.md

Scores

CVSS v3 2.5

EPSS 0.0025

EPSS Percentile 16.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-259 CWE-798

Status published

Products (1)

totolink/a3300r_firmware 17.0.0cu.557_b20221024

Published Jul 28, 2024

Tracked Since Feb 18, 2026