CVE-2024-35396
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which all
CVSS
9.8
Critical
EPSS
0.5%
p42
KEV
—
Exploit Today
13
0-100
Published: May 24, 2024 · Last modified: Jul 9, 2026 · CWE-798 · CWE-284
0.5%EPSS · 30 days0.6%
2026-06-302026-07-17
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-292689.8 CRI93.8%
——28ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library.13dCVE-2021-426358.1 HIG91.9%
——28PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution.9dCVE-2026-503517.8 HIG84.8%
——25Improper access control in Windows Audio Compression Manager (ACM) allows an authorized attacker to elevate privileges locally.2dCVE-2026-504237.8 HIG82.8%
——25Improper access control in Windows Kernel allows an authorized attacker to elevate privileges locally.3dCVE-2026-498057.0 HIG81.6%
——24Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally.2dCVE-2023-285319.8 CRI81.1%
——24ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.4d