CVE-2024-35396
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which all
CVSS
9.8
Crítico
EPSS
0.5%
p42
KEV
—
Exploit Today
13
0-100
Publicado: 24 may 2024 · Última mod.: 9 jul 2026 · CWE-798 · CWE-284
0.5%EPSS · 30 días0.6%
2026-06-302026-07-17
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-292689.8 CRÍ93.8%
——28ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library.13dCVE-2021-426358.1 ALT91.9%
——28PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution.9dCVE-2026-503517.8 ALT84.8%
——25Improper access control in Windows Audio Compression Manager (ACM) allows an authorized attacker to elevate privileges locally.2dCVE-2026-504237.8 ALT82.8%
——25Improper access control in Windows Kernel allows an authorized attacker to elevate privileges locally.3dCVE-2026-498057.0 ALT81.6%
——24Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally.2dCVE-2023-285319.8 CRÍ81.1%
——24ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.4d