Details of VAR-202407-2542

ID

VAR-202407-2542

CVE

CVE-2024-7216

TITLE

TOTOLINK of lr1200 Hardcoded password usage vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-005016

DESCRIPTION

A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic. This affects an unknown part of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of lr1200 A vulnerability exists in the firmware related to the use of hardcoded passwords.Information may be obtained. TOTOLINK LR1200 is a wireless router designed for 4G LTE networks. No detailed vulnerability details are currently available

Trust: 2.16

sources: NVD: CVE-2024-7216 // JVNDB: JVNDB-2024-005016 // CNVD: CNVD-2025-14533

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-14533

AFFECTED PRODUCTS

vendor:	totolink	model:	lr1200	scope:	eq	version:	9.3.1cu.2832	Trust: 1.0
vendor:	totolink	model:	lr1200	scope:	eq	version:	lr1200 firmware 9.3.1cu.2832	Trust: 0.8
vendor:	totolink	model:	lr1200	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	lr1200	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	lr1200 9.3.1cu.2832	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-14533 // JVNDB: JVNDB-2024-005016 // NVD: CVE-2024-7216

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-7216
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2024-7216
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2024-005016
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-14533
value:	LOW
Trust: 0.6

cna@vuldb.com:	CVE-2024-7216
severity:	LOW
baseScore:	1.4
vectorString:	AV:A/AC:H/AU:S/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2024-005016
severity:	LOW
baseScore:	1.4
vectorString:	AV:A/AC:H/AU:S/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-14533
severity:	LOW
baseScore:	1.4
vectorString:	AV:A/AC:H/AU:S/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-7216
baseSeverity:	LOW
baseScore:	2.6
vectorString:	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	1.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-7216
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2024-005016
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-14533 // JVNDB: JVNDB-2024-005016 // NVD: CVE-2024-7216 // NVD: CVE-2024-7216

PROBLEMTYPE DATA

problemtype:	CWE-259	Trust: 1.0
problemtype:	Using hardcoded passwords (CWE-259) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-005016 // NVD: CVE-2024-7216

EXTERNAL IDS

db:	NVD	id:	CVE-2024-7216	Trust: 3.2
db:	VULDB	id:	272787	Trust: 2.4
db:	JVNDB	id:	JVNDB-2024-005016	Trust: 0.8
db:	CNVD	id:	CNVD-2025-14533	Trust: 0.6

sources: CNVD: CNVD-2025-14533 // JVNDB: JVNDB-2024-005016 // NVD: CVE-2024-7216

REFERENCES

url:	https://vuldb.com/?id.272787	Trust: 2.4
url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/lr1200/shadow.md	Trust: 1.8
url:	https://vuldb.com/?submit.378331	Trust: 1.8
url:	https://vuldb.com/?ctiid.272787	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-7216	Trust: 0.8

sources: CNVD: CNVD-2025-14533 // JVNDB: JVNDB-2024-005016 // NVD: CVE-2024-7216

SOURCES

db:	CNVD	id:	CNVD-2025-14533
db:	JVNDB	id:	JVNDB-2024-005016
db:	NVD	id:	CVE-2024-7216

LAST UPDATE DATE

2025-07-03T23:12:19+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-14533	date:	2025-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2024-005016	date:	2024-08-08T03:13:00
db:	NVD	id:	CVE-2024-7216	date:	2024-08-06T14:28:51.927

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-14533	date:	2025-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2024-005016	date:	2024-08-08T00:00:00
db:	NVD	id:	CVE-2024-7216	date:	2024-07-30T04:15:04.690