CVE-2024-7332 Scanner

CVE-2024-7332 scanner - Hard-Coded Password vulnerability in TOTOLINK CP450

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 29 days
Scan only one: URL
Toolbox: -

TOTOLINK CP450 is a widely used router in homes and small businesses, providing wireless networking and internet connectivity. It is designed for ease of use and quick setup, often utilized by users with limited technical knowledge. The CP450 model includes features such as guest networks and parental controls. However, it is primarily aimed at budget-conscious users who require reliable basic networking. Its firmware is periodically updated to address security and performance issues.

The TOTOLINK CP450 router has a critical security flaw due to a hard-coded password within its firmware. This vulnerability exists in version 4.1.0cu.747_B20191224 and allows attackers to gain unauthorized access to the device remotely. The flaw is located in the Telnet service, where the hard-coded password can be exploited without user interaction. This issue poses significant security risks to affected networks.

The vulnerability is found in the Telnet Service component of the TOTOLINK CP450 router, specifically within the file /web_cste/cgi-bin/product.ini. The file contains a hard-coded password that is embedded in the firmware, so users have no means to modify or remove it. This password can be easily extracted or exploited by remote attackers, granting them full access to the device. The vulnerability allows attackers to bypass authentication mechanisms and potentially take control of the router.

Exploiting this vulnerability allows attackers to gain full administrative access to the TOTOLINK CP450 router. Once accessed, they can modify network settings, redirect traffic, inject malicious code, or even disable the device entirely. Such unauthorized control can lead to network disruptions, data breaches, and exposure of sensitive information. In a worst-case scenario, the compromised router could be used as a launch point for further attacks on connected devices.

By using the S4E platform, users can stay ahead of potential threats by leveraging our comprehensive vulnerability scanning capabilities. Our platform automatically checks your network devices for known vulnerabilities like the hard-coded password issue in TOTOLINK CP450. Regular scans help you identify and mitigate risks before they are exploited. S4E provides actionable insights and remediation steps, empowering you to secure your digital assets with ease. Join our community to protect your network and enjoy peace of mind knowing that your devices are safeguarded.
