Primary

Context

TOTOLINK A3002R Telnet Insecure Credentials Vulnerability

Vulnerability

A vulnerability exists in the TOTOLINK A3002R router, specifically in version 4.0.0-B20230531.1404, due to insecure credentials for the telnet service and root account. This issue arises from a hard-coded shadow.sample file that can be exploited to gain unauthorized access via telnet.

Impact

Exploitation of this vulnerability allows for unauthorized access to the device's telnet service, potentially leading to further exploitation or manipulation of the device.

Reproduction

The vulnerability can be reproduced by accessing the device's telnet service on port 23. Once connected, the hard-coded shadow.sample file can be used to gain root access, as the file contains insecure credentials that can be exploited.

Added: Aug 18, 2025, 8:22 PM

Updated: Aug 18, 2025, 9:20 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TOTOLINK A3002R Telnet Insecure Credentials Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

TOTOLINK A3002R

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating