A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie.
References
| Link | Resource |
|---|---|
| https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A8000RU/TOTOlink%20A8000RU%20login%20bypass.md | Exploit Third Party Advisory |
| https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A8000RU/TOTOlink%20A8000RU%20login%20bypass.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
03 Apr 2025, 13:16
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:totolink:a8000ru_firmware:7.1cu.643_b20200521:*:*:*:*:*:*:* cpe:2.3:h:totolink:a8000ru:-:*:*:*:*:*:*:* |
|
| First Time |
Totolink
Totolink a8000ru Totolink a8000ru Firmware |
|
| References | () https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A8000RU/TOTOlink%20A8000RU%20login%20bypass.md - Exploit, Third Party Advisory |
21 Nov 2024, 09:06
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A8000RU/TOTOlink%20A8000RU%20login%20bypass.md - |
28 Aug 2024, 19:35
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.0 |
| CWE | CWE-284 |
12 Mar 2024, 17:46
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-03-12 17:15
Updated : 2025-04-03 13:16
NVD link : CVE-2024-28338
Mitre link : CVE-2024-28338
CVE.ORG link : CVE-2024-28338
JSON object : View
Products Affected
totolink
- a8000ru_firmware
- a8000ru
CWE
CWE-284
Improper Access Control