ID
VAR-202208-2069
CVE
CVE-2022-36616
TITLE
TOTOLINK of a810r Vulnerability related to use of hardcoded credentials in firmware
Trust: 0.8
DESCRIPTION
TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample. TOTOLINK of a810r A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Trust: 1.71
AFFECTED PRODUCTS
| vendor: | totolink | model: | a810r | scope: | eq | version: | 4.1.2cu.5182_b20201026 | Trust: 1.0 |
| vendor: | totolink | model: | a810r | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | totolink | model: | a810r | scope: | - | version: | - | Trust: 0.8 |
| vendor: | totolink | model: | a810r | scope: | eq | version: | a810r firmware 4.1.2cu.5182 b20201026 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-798 | Trust: 1.0 |
| problemtype: | Use hard-coded credentials (CWE-798) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
local
Trust: 0.6
TYPE
trust management problem
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-36616 | Trust: 3.3 |
| db: | JVNDB | id: | JVNDB-2022-015943 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202208-4281 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2022-36616 | Trust: 0.1 |
REFERENCES
| url: | https://github.com/whiter6666/cve/blob/main/totolink_a810r/hard_code.md | Trust: 2.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-36616 | Trust: 1.4 |
| url: | https://cxsecurity.com/cveshow/cve-2022-36616/ | Trust: 0.6 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | VULMON | id: | CVE-2022-36616 |
| db: | JVNDB | id: | JVNDB-2022-015943 |
| db: | CNNVD | id: | CNNVD-202208-4281 |
| db: | NVD | id: | CVE-2022-36616 |
LAST UPDATE DATE
2024-08-14T15:27:07.194000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2022-36616 | date: | 2022-08-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-015943 | date: | 2023-09-29T08:05:00 |
| db: | CNNVD | id: | CNNVD-202208-4281 | date: | 2022-09-02T00:00:00 |
| db: | NVD | id: | CVE-2022-36616 | date: | 2022-09-01T18:51:35.280 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2022-36616 | date: | 2022-08-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-015943 | date: | 2023-09-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-202208-4281 | date: | 2022-08-28T00:00:00 |
| db: | NVD | id: | CVE-2022-36616 | date: | 2022-08-29T00:15:08.877 |