CVE-2023-2790

A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229374 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://drive.google.com/file/d/1RITXRvKele5aW42YFk0JeQHCq2B63lUj/view?usp=share_link Exploit Third Party Advisory
https://vuldb.com/?ctiid.229374 Permissions Required Third Party Advisory
https://vuldb.com/?id.229374 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6255_b20211224:*:*:*:*:*:*:*
cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*

History

27 May 2023, 01:14

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
First Time Totolink n200re
Totolink n200re Firmware
Totolink
CPE cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*
cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6255_b20211224:*:*:*:*:*:*:*
References (MISC) https://vuldb.com/?ctiid.229374 - (MISC) https://vuldb.com/?ctiid.229374 - Permissions Required, Third Party Advisory
References (MISC) https://vuldb.com/?id.229374 - (MISC) https://vuldb.com/?id.229374 - Exploit, Third Party Advisory
References (MISC) https://drive.google.com/file/d/1RITXRvKele5aW42YFk0JeQHCq2B63lUj/view?usp=share_link - (MISC) https://drive.google.com/file/d/1RITXRvKele5aW42YFk0JeQHCq2B63lUj/view?usp=share_link - Exploit, Third Party Advisory

Information

Published : 2023-05-18 13:15

Updated : 2024-05-17 02:23


NVD link : CVE-2023-2790

Mitre link : CVE-2023-2790

CVE.ORG link : CVE-2023-2790


JSON object : View

Products Affected

totolink

  • n200re_firmware
  • n200re
CWE
CWE-260

Password in Configuration File