CVERadar

CVE-2024-36782

Medium Severity

SVRS

30/100

CVSSv3

9.8/10

EPSS

0.00198/1

CVE-2024-36782: Hardcoded Password Vulnerability in TOTOLINK CP300. This vulnerability allows attackers to log in as root, potentially gaining full control of affected systems. The TOTOLINK CP300 V2.0.4-B20201102 contains a hardcoded password in /etc/shadow.sample, creating a significant security risk. Although the CVSS score is high at 9.8, the SOCRadar Vulnerability Risk Score (SVRS) is 30, suggesting it may not be as actively exploited or widespread as other critical vulnerabilities. However, given the potential for complete system compromise, it's essential to address this vulnerability promptly to prevent unauthorized access and maintain system security. Ignoring this could lead to data breaches and system hijacking.

TAGS

In The Wild

VECTOR STRING

CVSS:3.1

AV:N

AC:L

PR:N

UI:N

S:U

C:H

I:H

A:H

PUBLICATION DATE2024-06-03

LAST MODIFIED2025-02-13

SOCRadar

AI Insight

Description:

CVE-2024-36782 is a hardcoded password vulnerability in TOTOLINK CP300 V2.0.4-B20201102, allowing attackers to log in as root via the /etc/shadow.sample file. Despite a CVSS score of 0, SOCRadar's SVRS assigns a score of 34, indicating a moderate risk.

Key Insights:

Exploitable by Unauthenticated Attackers: The vulnerability can be exploited without requiring authentication, making it accessible to a wide range of attackers.
Root Access Granted: Successful exploitation grants attackers root access to the affected device, enabling them to execute arbitrary commands and compromise the entire system.
Limited Impact: The vulnerability's impact is limited to devices running TOTOLINK CP300 V2.0.4-B20201102 firmware.

Mitigation Strategies:

Update Firmware: Install the latest firmware update from TOTOLINK to patch the vulnerability.
Disable Remote Access: Restrict remote access to the affected devices until the firmware is updated.
Change Default Password: If possible, change the default password for the root account to prevent unauthorized access.
Monitor Network Traffic: Implement network monitoring tools to detect suspicious activity and identify potential exploitation attempts.

Additional Information:

Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
Exploit Status: Active exploits have not been published.
CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
In the Wild: The vulnerability is not known to be actively exploited by hackers.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-36782 | Totolink CP300 2.0.4-B202 /etc/shadow.sample hard-coded password

vuldb.com2024-06-03

CVE-2024-36782 | Totolink CP300 2.0.4-B202 /etc/shadow.sample hard-coded password | A vulnerability classified as very critical has been found in Totolink CP300 2.0.4-B202. This affects an unknown part of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. This vulnerability is uniquely identified as CVE-2024-36782. The attack can only be done within the local network. There is

vuldb.com

rss

forum

news

Social Media

Vulmon Vulnerability Feed

@VulmonFeeds

2024-06-03

CVE-2024-36782 TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. https://t.co/edGTaA0tDN

CVE

@CVEnew

2024-06-03

CVE-2024-36782 TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. https://t.co/cLeGFCmASN

Affected Software

No affected software found for this CVE

References

Reference	Link
[email protected]	https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/totolink%20cp300/README.md

CWE Details

No CWE details found for this CVE

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence