ID

VAR-202407-2458


CVE

CVE-2024-7155


TITLE

TOTOLINK A3300R firmware vulnerability related to use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2024-005107

DESCRIPTION

A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. It affects an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of a hard-coded password. The attack can be launched on the local host. The complexity of an attack is rather high, and exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The TOTOLINK A3300R firmware contains a vulnerability related to the use of hard-coded credentials. Information may be obtained. TOTOLINK A3300R is a wireless router produced by China's Jiweng Electronics (TOTOLINK) company. No detailed vulnerability details are currently provided.

Trust: 2.16

sources: NVD: CVE-2024-7155 // JVNDB: JVNDB-2024-005107 // CNVD: CNVD-2025-14569

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-14569

AFFECTED PRODUCTS

vendor: totolink model: a3300r scope: eq version: 17.0.0cu.557_b20221024

Trust: 1.0

vendor: totolink model: a3300r scope: - version: -

Trust: 0.8

vendor: totolink model: a3300r scope: eq version: a3300r firmware 17.0.0cu.557 b20221024

Trust: 0.8

vendor: totolink model: a3300r scope: eq version: -

Trust: 0.8

vendor: totolink model: a3300r 17.0.0cu.557 b20221024 scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-14569 // JVNDB: JVNDB-2024-005107 // NVD: CVE-2024-7155

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-7155
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2024-7155
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-005107
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-14569
value: LOW

Trust: 0.6

cna@vuldb.com: CVE-2024-7155
severity: LOW
baseScore: 1.0
vectorString: AV:L/AC:H/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-005107
severity: LOW
baseScore: 1.0
vectorString: AV:L/AC:H/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-14569
severity: LOW
baseScore: 1.0
vectorString: AV:L/AC:H/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-7155
baseSeverity: LOW
baseScore: 2.5
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.0
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-7155
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.0
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2024-005107
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-14569 // JVNDB: JVNDB-2024-005107 // NVD: CVE-2024-7155 // NVD: CVE-2024-7155

PROBLEMTYPE DATA

problemtype: CWE-798

Trust: 1.0

problemtype: CWE-259

Trust: 1.0

problemtype: Use hard-coded credentials (CWE-798) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-005107 // NVD: CVE-2024-7155

PATCH

title: Patch for TOTOLINK A3300R /etc/shadow.sample file hard-coded password vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/704296

Trust: 0.6

sources: CNVD: CNVD-2025-14569

EXTERNAL IDS

db: NVD id: CVE-2024-7155

Trust: 3.2

db: VULDB id: 272569

Trust: 2.4

db: JVNDB id: JVNDB-2024-005107

Trust: 0.8

db: CNVD id: CNVD-2025-14569

Trust: 0.6

sources: CNVD: CNVD-2025-14569 // JVNDB: JVNDB-2024-005107 // NVD: CVE-2024-7155

REFERENCES

url:https://vuldb.com/?id.272569

Trust: 2.4

url:https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/a3300r/shadow.md

Trust: 1.8

url:https://vuldb.com/?submit.377465

Trust: 1.8

url:https://vuldb.com/?ctiid.272569

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-7155

Trust: 0.8

sources: CNVD: CNVD-2025-14569 // JVNDB: JVNDB-2024-005107 // NVD: CVE-2024-7155

SOURCES

db: CNVD id: CNVD-2025-14569
db: JVNDB id: JVNDB-2024-005107
db: NVD id: CVE-2024-7155

LAST UPDATE DATE

2025-07-03T23:12:19.024000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2025-14569 date: 2025-07-01T00:00:00
db: JVNDB id: JVNDB-2024-005107 date: 2024-08-13T01:38:00
db: NVD id: CVE-2024-7155 date: 2024-08-08T12:34:01.330

SOURCES RELEASE DATE

db: CNVD id: CNVD-2025-14569 date: 2025-07-01T00:00:00
db: JVNDB id: JVNDB-2024-005107 date: 2024-08-13T00:00:00
db: NVD id: CVE-2024-7155 date: 2024-07-28T10:15:03.053