ID

VAR-202407-2457


CVE

CVE-2024-7159


TITLE

Hardcoded password usage vulnerability in TOTOLINK a3600r firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-005105

DESCRIPTION

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier VDB-272573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The TOTOLINK a3600r firmware contains a vulnerability related to the use of hardcoded passwords. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK A3600R is a wireless router. Attackers can exploit this vulnerability to cause device configuration tampering or sensitive data leakage, or to use the device for further attack activities.

Trust: 2.16

sources: NVD: CVE-2024-7159 // JVNDB: JVNDB-2024-005105 // CNVD: CNVD-2025-08344

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-08344

AFFECTED PRODUCTS

vendor: totolink, model: a3600r, scope: eq, version: 4.1.2cu.5182_b20201102

Trust: 1.0

vendor: totolink, model: a3600r, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: a3600r, scope: -, version: -

Trust: 0.8

vendor: totolink, model: a3600r, scope: eq, version: a3600r firmware 4.1.2cu.5182 b20201102

Trust: 0.8

vendor: totolink, model: a3600r 4.1.2cu.5182 b20201102, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-08344 // JVNDB: JVNDB-2024-005105 // NVD: CVE-2024-7159

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-7159
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-7159
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-005105
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-08344
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2024-7159
severity: MEDIUM
baseScore: 4.9
vectorString: AV:A/AC:M/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-005105
severity: MEDIUM
baseScore: 4.9
vectorString: AV:A/AC:M/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-08344
severity: MEDIUM
baseScore: 4.9
vectorString: AV:A/AC:M/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-7159
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.1
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-7159
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2024-005105
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-08344 // JVNDB: JVNDB-2024-005105 // NVD: CVE-2024-7159 // NVD: CVE-2024-7159

PROBLEMTYPE DATA

problemtype:CWE-259

Trust: 1.0

problemtype: Using hardcoded passwords (CWE-259) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-005105 // NVD: CVE-2024-7159

PATCH

title: Patch for TOTOLINK A3600R Hard-coded Password Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/682306

Trust: 0.6

sources: CNVD: CNVD-2025-08344

EXTERNAL IDS

db: NVD, id: CVE-2024-7159

Trust: 3.2

db: VULDB, id: 272573

Trust: 1.0

db: JVNDB, id: JVNDB-2024-005105

Trust: 0.8

db: CNVD, id: CNVD-2025-08344

Trust: 0.6

sources: CNVD: CNVD-2025-08344 // JVNDB: JVNDB-2024-005105 // NVD: CVE-2024-7159

REFERENCES

url:https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/a3600r/product.md

Trust: 1.8

url:https://vuldb.com/?submit.377942

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-7159

Trust: 1.4

url:https://vuldb.com/?ctiid.272573

Trust: 1.0

url:https://vuldb.com/?id.272573

Trust: 1.0

sources: CNVD: CNVD-2025-08344 // JVNDB: JVNDB-2024-005105 // NVD: CVE-2024-7159

SOURCES

db: CNVD, id: CNVD-2025-08344
db: JVNDB, id: JVNDB-2024-005105
db: NVD, id: CVE-2024-7159

LAST UPDATE DATE

2025-04-26T22:44:41.911000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-08344, date: 2025-04-25T00:00:00
db: JVNDB, id: JVNDB-2024-005105, date: 2024-08-13T01:38:00
db: NVD, id: CVE-2024-7159, date: 2024-08-08T12:15:56.080

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-08344, date: 2025-04-22T00:00:00
db: JVNDB, id: JVNDB-2024-005105, date: 2024-08-13T00:00:00
db: NVD, id: CVE-2024-7159, date: 2024-07-28T15:15:09.897