
Exploit for TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability (CVE-2024-7332)

Description:

A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747_B20191224. It affects an unknown part of the file /web_cste/cgi-bin/product.ini, which belongs to the Telnet Service component. The issue stems from the use of a hard-coded password and can be exploited remotely without any user interaction.

Nuclei Template

View the template here: CVE-2024-7332.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-7332.yaml

References:

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP450/product.md
https://cvefeed.io/vuln/detail/CVE-2024-7332
https://www.tenable.com/cve/CVE-2024-7332
https://nvd.nist.gov/vuln/detail/CVE-2024-7332