CVE-2024-7170
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-7170 is a newly disclosed vulnerability affecting TOTOLINK A3000RU devices running firmware version 5.9c.5185. This issue, rated as problematic, allows an attacker to manipulate a specific file, /web_cste/cgi-bin/product.ini, leading to the usage of a hard-coded password. The exploit for this vulnerability has been made public, increasing the risk of potential exploitation. The associated identifier for this vulnerability is VDB-272591. Notably, the vendor was contacted about this disclosure but did not respond, leaving users potentially vulnerable to attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- TOTOLINK