CVE-2024-31810

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-31810
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/HardCode/HardCode.md Exploit Third Party Advisory
https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/HardCode/HardCode.md Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:totolink:ex200_firmware:4.0.3c.7646_b20201211:*:*:*:*:*:*:*
cpe:2.3:h:totolink:ex200:-:*:*:*:*:*:*:*
History

09 Apr 2025, 14:20

Type Values Removed Values Added
First Time Totolink
Totolink ex200 Firmware
Totolink ex200
CWE CWE-798
CPE cpe:2.3:h:totolink:ex200:-:*:*:*:*:*:*:*
cpe:2.3:o:totolink:ex200_firmware:4.0.3c.7646_b20201211:*:*:*:*:*:*:*
References () https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/HardCode/HardCode.md - () https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/HardCode/HardCode.md - Exploit, Third Party Advisory

29 Mar 2025, 00:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

21 Nov 2024, 09:13

Type Values Removed Values Added
References () https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/HardCode/HardCode.md - () https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/HardCode/HardCode.md -

03 Jul 2024, 01:55

Type Values Removed Values Added
CWE CWE-259
Summary
  • (es) Se descubrió que TOTOLINK EX200 V4.0.3c.7646_B20201211 contenía una contraseña codificada para root en /etc/shadow.sample.

14 May 2024, 15:25

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-14 15:25

Updated : 2025-04-09 14:20

NVD link : CVE-2024-31810

Mitre link : CVE-2024-31810

CVE.ORG link : CVE-2024-31810

JSON object : View

Products Affected

totolink

  • ex200
  • ex200_firmware
CWE
CWE-798

Use of Hard-coded Credentials

CWE-259

Use of Hard-coded Password