CVE-2022-48113
Severity CVSS v4.0:
Pending analysis
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
02/02/2023
Last modified:
26/03/2025
Description
A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:totolink:n200re-v5_firmware:9.3.5u.6139:*:*:*:*:*:*:* | ||
cpe:2.3:h:totolink:n200re-v5:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page