CVE-2024-7332 in CP450info

Summary

by MITRE • 08/01/2024

A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 08/09/2024

The vulnerability identified as CVE-2024-7332 represents a critical security flaw in the TOTOLINK CP450 router firmware version 4.1.0cu.747_B20191224 affecting the Telnet service component. This issue resides within the /web_cste/cgi-bin/product.ini file and demonstrates a classic hard-coded credential vulnerability that poses significant risks to network security. The presence of hard-coded passwords in network devices is particularly dangerous as it eliminates the possibility of dynamic credential management and creates persistent attack vectors that remain viable regardless of standard security practices.

The technical implementation of this vulnerability involves the inclusion of hardcoded authentication credentials within the router's configuration file, specifically within the Telnet service component. This design flaw allows attackers to gain unauthorized access to the device without requiring knowledge of legitimate user credentials or successful exploitation of other vulnerabilities. The vulnerability's classification as critical stems from its remote accessibility and the fact that it operates at the system level, potentially providing attackers with full administrative control over the affected device. This type of vulnerability directly maps to CWE-798, which specifically addresses the use of hard-coded credentials, and aligns with ATT&CK technique T1078.004 for Valid Accounts: Default Accounts, where default or hard-coded credentials are leveraged for unauthorized access.

The operational impact of this vulnerability extends beyond simple unauthorized access, as it can enable attackers to establish persistent backdoors within network infrastructure. Once compromised, the affected TOTOLINK CP450 devices can serve as entry points for lateral movement within networks, potentially facilitating more extensive attacks including data exfiltration, network reconnaissance, or as launching points for attacks against other connected systems. The remote exploitability of this vulnerability means that attackers do not need physical access to the device or network proximity to execute the attack, significantly expanding the potential attack surface and making this vulnerability particularly dangerous in enterprise and home network environments where such devices are commonly deployed.

Security professionals should immediately assess their network environments for devices running the affected firmware version and implement mitigation strategies including firmware updates from the vendor, network segmentation, and disabling unnecessary services such as Telnet where possible. The lack of vendor response to early disclosure attempts creates additional risk as users cannot rely on official patches or security advisories, potentially forcing organizations to implement emergency mitigation measures or consider alternative device replacement strategies. The public disclosure of this exploit further amplifies the risk as it provides attackers with readily available tools and techniques to compromise affected devices. Organizations should also consider implementing network monitoring to detect anomalous Telnet access patterns and establish incident response procedures specifically addressing hard-coded credential vulnerabilities. The vulnerability serves as a reminder of the critical importance of proper credential management in embedded systems and the necessity for vendors to maintain responsive security communication channels with the cybersecurity community.

Responsible

VulDB

Disclosure

08/01/2024

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.20737

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!