Vulnerabilities > CVE-2023-2790 - Password in Configuration File vulnerability in Totolink N200Re Firmware 9.3.5U.6255B20211224

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

totolink

CWE-260

NVD

Published: 2023-05-18

Updated: 2024-05-17

Summary

A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229374 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerable Configurations

Part	Description	Count
OS	Totolink Totolink N200Re Firmware 9.3.5U.6255_B20211224	1
Hardware	Totolink Totolink N200Re -	1

Common Weakness Enumeration (CWE)

CWE-260 - Password in Configuration File

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References