{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-7216","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-07-29T18:17:45.931Z","datePublished":"2024-07-30T04:00:05.592Z","dateUpdated":"2024-08-01T21:52:31.490Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-07-30T04:00:05.592Z"},"title":"TOTOLINK LR1200 shadow.sample hard-coded password","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-259","lang":"en","description":"CWE-259 Use of Hard-coded Password"}]}],"affected":[{"vendor":"TOTOLINK","product":"LR1200","versions":[{"version":"9.3.1cu.2832","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic. This affects an unknown part of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"Es wurde eine Schwachstelle in TOTOLINK LR1200 9.3.1cu.2832 ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /etc/shadow.sample. Durch das Beeinflussen mit unbekannten Daten kann eine use of hard-coded password-Schwachstelle ausgenutzt werden. Die Komplexität eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":2.1,"vectorString":"CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","baseSeverity":"LOW"}},{"cvssV3_1":{"version":"3.1","baseScore":2.6,"vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":2.6,"vectorString":"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":1.4,"vectorString":"AV:A/AC:H/Au:S/C:P/I:N/A:N"}}],"timeline":[{"time":"2024-07-29T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-07-29T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-07-29T20:23:00.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"yhryhryhr_miemie (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.272787","name":"VDB-272787 | TOTOLINK LR1200 shadow.sample hard-coded password","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.272787","name":"VDB-272787 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.378331","name":"Submit #378331 | TOTOLINK LR1200 V9.3.1cu.2832 Use of Hard-coded Password","tags":["third-party-advisory"]},{"url":"https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/LR1200/shadow.md","tags":["exploit"]}]},"adp":[{"affected":[{"vendor":"totolink","product":"lr1200_firmware","cpes":["cpe:2.3:o:totolink:lr1200_firmware:9.3.1cu.2832:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"9.3.1cu.2832","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-30T14:20:40.359345Z","id":"CVE-2024-7216","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-30T14:48:20.468Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:52:31.490Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.272787","name":"VDB-272787 | TOTOLINK LR1200 shadow.sample hard-coded password","tags":["vdb-entry","x_transferred"]},{"url":"https://vuldb.com/?ctiid.272787","name":"VDB-272787 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://vuldb.com/?submit.378331","name":"Submit #378331 | TOTOLINK LR1200 V9.3.1cu.2832 Use of Hard-coded Password","tags":["third-party-advisory","x_transferred"]},{"url":"https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/LR1200/shadow.md","tags":["exploit","x_transferred"]}]}]}}