ID

VAR-202402-2149


CVE

CVE-2024-1661


TITLE

TOTOLINK x6000r firmware vulnerability related to use of hardcoded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2024-003163

DESCRIPTION

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A vulnerability related to the use of hardcoded credentials exists in the TOTOLINK x6000r firmware. Information may be obtained. TOTOLINK X6000R is a wireless router from China's TOTOLINK Electronics. No vulnerability details are provided at this time.

Trust: 2.16

sources: NVD: CVE-2024-1661 // JVNDB: JVNDB-2024-003163 // CNVD: CNVD-2025-15323

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15323

AFFECTED PRODUCTS

vendor: totolink | model: x6000r | scope: eq | version: 9.4.0cu.852_b20230719

Trust: 1.0

vendor: totolink | model: x6000r | scope: eq | version: x6000r firmware 9.4.0cu.852 b20230719

Trust: 0.8

vendor: totolink | model: x6000r | scope: - | version: -

Trust: 0.8

vendor: totolink | model: x6000r | scope: eq | version: -

Trust: 0.8

vendor: totolink | model: x6000r 9.4.0cu.852 b20230719 | scope: - | version: -

Trust: 0.6

sources: CNVD: CNVD-2025-15323 // JVNDB: JVNDB-2024-003163 // NVD: CVE-2024-1661

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-1661
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2024-1661
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-1661
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-15323
value: LOW

Trust: 0.6

cna@vuldb.com: CVE-2024-1661
severity: LOW
baseScore: 1.0
vectorString: AV:L/AC:H/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-15323
severity: LOW
baseScore: 1.0
vectorString: AV:L/AC:H/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-1661
baseSeverity: LOW
baseScore: 2.5
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.0
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-1661
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-1661
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-15323 // JVNDB: JVNDB-2024-003163 // NVD: CVE-2024-1661 // NVD: CVE-2024-1661

PROBLEMTYPE DATA

problemtype: CWE-798

Trust: 1.0

problemtype: Use hard-coded credentials (CWE-798) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-003163 // NVD: CVE-2024-1661

EXTERNAL IDS

db: NVD | id: CVE-2024-1661

Trust: 3.2

db: VULDB | id: 254179

Trust: 2.4

db: JVNDB | id: JVNDB-2024-003163

Trust: 0.8

db: CNVD | id: CNVD-2025-15323

Trust: 0.6

sources: CNVD: CNVD-2025-15323 // JVNDB: JVNDB-2024-003163 // NVD: CVE-2024-1661

REFERENCES

url: https://vuldb.com/?id.254179

Trust: 2.4

url: https://github.com/woodmangithub/mycves/blob/main/2024-totolink/x6000r-hardcoded-password.md

Trust: 1.8

url: https://vuldb.com/?ctiid.254179

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2024-1661

Trust: 0.8

sources: CNVD: CNVD-2025-15323 // JVNDB: JVNDB-2024-003163 // NVD: CVE-2024-1661

SOURCES

db: CNVD | id: CNVD-2025-15323
db: JVNDB | id: JVNDB-2024-003163
db: NVD | id: CVE-2024-1661

LAST UPDATE DATE

2025-07-10T23:00:07.363000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2025-15323 | date: 2025-07-09T00:00:00
db: JVNDB | id: JVNDB-2024-003163 | date: 2024-05-01T04:42:00
db: NVD | id: CVE-2024-1661 | date: 2024-05-17T02:35:32.207

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2025-15323 | date: 2025-07-09T00:00:00
db: JVNDB | id: JVNDB-2024-003163 | date: 2024-05-01T00:00:00
db: NVD | id: CVE-2024-1661 | date: 2024-02-20T13:15:08.230