Details of VAR-202209-2275

ID

VAR-202209-2275

TITLE

TOTOLINK T8 has an unauthorized connection to Telnet service vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-61227

DESCRIPTION

TOTOLINK T8 is a wireless router from China TOTOLINK. TOTOLINK T8 has an unauthorized connection to Telnet service vulnerability, an attacker can use this vulnerability to start telnet without authorization and gain server control.

Trust: 0.6

sources: CNVD: CNVD-2022-61227

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-61227

AFFECTED PRODUCTS

vendor:

totolink

model:

t8 v4.1.5cu.710 b20210618

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2022-61227

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2022-61227
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2022-61227
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2022-61227

PATCH

title:

Patch for TOTOLINK T8 has an unauthorized connection to Telnet service vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/346626

Trust: 0.6

sources: CNVD: CNVD-2022-61227

EXTERNAL IDS

db:

CNVD

id:

CNVD-2022-61227

Trust: 0.6

sources: CNVD: CNVD-2022-61227

SOURCES

db:

CNVD

id:

CNVD-2022-61227

LAST UPDATE DATE

2023-09-28T23:08:42.646000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2022-61227

date:

2022-09-02T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2022-61227

date:

2022-09-14T00:00:00