CVE Vulnerabilities

CVE-2023-2790

Password in Configuration File

Published: May 18, 2023 | Modified: May 17, 2024
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229374 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Weakness

The product stores a password in a configuration file that might be accessible to actors who do not know the password.

Affected Software

Name Vendor Start Version End Version
N200re_firmware Totolink 9.3.5u.6255_b20211224 (including) 9.3.5u.6255_b20211224 (including)

Potential Mitigations

References