Vulnerability Description
A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229374 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Totolink | N200Re Firmware | 9.3.5u.6255_b20211224 |
| Totolink | N200Re | - |
Related Weaknesses (CWE)
References
- https://drive.google.com/file/d/1RITXRvKele5aW42YFk0JeQHCq2B63lUj/view?usp=shareExploitThird Party Advisory
- https://vuldb.com/?ctiid.229374Permissions RequiredThird Party Advisory
- https://vuldb.com/?id.229374ExploitThird Party Advisory
- https://drive.google.com/file/d/1RITXRvKele5aW42YFk0JeQHCq2B63lUj/view?usp=shareExploitThird Party Advisory
- https://vuldb.com/?ctiid.229374Permissions RequiredThird Party Advisory
- https://vuldb.com/?id.229374ExploitThird Party Advisory
FAQ
What is CVE-2023-2790?
CVE-2023-2790 is a vulnerability with a CVSS score of 2.3 (LOW). A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet...
How severe is CVE-2023-2790?
CVE-2023-2790 has been rated LOW with a CVSS base score of 2.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-2790?
Check the references section above for vendor advisories and patch information. Affected products include: Totolink N200Re Firmware, Totolink N200Re.