CVE-2024-35395
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows atta
CVSS
8.8
Alto
EPSS
0.4%
p35
KEV
—
Exploit Today
11
0-100
Publicado: 24 may 2024 · Última mod.: 9 jul 2026 · CWE-259
0.4%EPSS · 30 días0.5%
2026-06-302026-07-17
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2024-388857.5 ALT41.0%
——12An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform unauthorized access using known operating system credentials due to hardcoded SQL user credentials in the client application.13dCVE-2026-220558.8 ALT14.6%
——4Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.18dCVE-2026-220548.8 ALT14.6%
——4Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.18d