Sign-up

ID

VAR-202206-0354


CVE

CVE-2021-42892


TITLE

TOTOLINK EX1200T Trust Management Issue Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-53564 // CNNVD: CNNVD-202206-458

DESCRIPTION

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. TOTOLINK of ex1200t A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information may be tampered with. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK

Trust: 2.25

sources: NVD: CVE-2021-42892 // JVNDB: JVNDB-2021-019778 // CNVD: CNVD-2022-53564 // VULMON: CVE-2021-42892

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-53564

AFFECTED PRODUCTS

vendor:totolinkmodel:ex1200tscope:eqversion:4.1.2cu.5215

Trust: 1.0

vendor:totolinkmodel:ex1200tscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:ex1200tscope:eqversion:ex1200t firmware 4.1.2cu.5215

Trust: 0.8

vendor:totolinkmodel:ex1200tscope: - version: -

Trust: 0.8

vendor:totolinkmodel:ex1200t v4.1.2cu.5215scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2022-53564 // JVNDB: JVNDB-2021-019778 // NVD: CVE-2021-42892

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-42892
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-42892
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-53564
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202206-458
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-42892
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-42892
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-53564
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-42892
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-42892
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-53564 // VULMON: CVE-2021-42892 // JVNDB: JVNDB-2021-019778 // CNNVD: CNNVD-202206-458 // NVD: CVE-2021-42892

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.0

problemtype:Use hard-coded credentials (CWE-798) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-019778 // NVD: CVE-2021-42892

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-458

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202206-458

EXTERNAL IDS

db:NVDid:CVE-2021-42892

Trust: 3.9

db:JVNDBid:JVNDB-2021-019778

Trust: 0.8

db:CNVDid:CNVD-2022-53564

Trust: 0.6

db:CNNVDid:CNNVD-202206-458

Trust: 0.6

db:VULMONid:CVE-2021-42892

Trust: 0.1

sources: CNVD: CNVD-2022-53564 // VULMON: CVE-2021-42892 // JVNDB: JVNDB-2021-019778 // CNNVD: CNNVD-202206-458 // NVD: CVE-2021-42892

REFERENCES

url:https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_telnet_default.md

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-42892

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2021-42892/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/798.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-53564 // VULMON: CVE-2021-42892 // JVNDB: JVNDB-2021-019778 // CNNVD: CNNVD-202206-458 // NVD: CVE-2021-42892

SOURCES

db:CNVDid:CNVD-2022-53564
db:VULMONid:CVE-2021-42892
db:JVNDBid:JVNDB-2021-019778
db:CNNVDid:CNNVD-202206-458
db:NVDid:CVE-2021-42892

LAST UPDATE DATE

2024-11-23T23:07:20.061000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-53564date:2022-07-26T00:00:00
db:VULMONid:CVE-2021-42892date:2022-06-13T00:00:00
db:JVNDBid:JVNDB-2021-019778date:2023-08-17T08:36:00
db:CNNVDid:CNNVD-202206-458date:2022-06-14T00:00:00
db:NVDid:CVE-2021-42892date:2024-11-21T06:28:17.293

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-53564date:2022-07-26T00:00:00
db:VULMONid:CVE-2021-42892date:2022-06-03T00:00:00
db:JVNDBid:JVNDB-2021-019778date:2023-08-17T00:00:00
db:CNNVDid:CNNVD-202206-458date:2022-06-03T00:00:00
db:NVDid:CVE-2021-42892date:2022-06-03T17:15:07.607