Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-42886

TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file.

Published

2022-06-03T12:15:07.890

Last Modified

2024-11-21T06:28:16.390

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	totolink	ex1200t_firmware	4.1.2cu.5215	Yes
Hardware	totolink	ex1200t	-	No

References

https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_exportsettings_leak.md Exploit, Third Party Advisory ([email protected])
https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_exportsettings_leak.md Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)