How severe is CVE-2024-1661?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-1661?

This is classified as CWE-798, which is a common weakness in software security.

CVE-2024-1661

MEDIUM Year: 2024

CVSS v3 Score

5.5

Medium

CVSS v2 Score

1.0

Low

Weakness Type

CWE-798

View all →

Vulnerability Description

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2018-1650

MEDIUM

CVSS:5.5(Medium)

IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656.

CWE-7982018

CVE-2019-16150

MEDIUM

CVSS:5.5(Medium)

Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local sto...

CWE-7982019

CVE-2019-5106

MEDIUM

CVSS:5.5(Medium)

A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway ...

CWE-7982019

CVE-2020-11723

MEDIUM

CVSS:5.5(Medium)

Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when perform...

CWE-7982020

CVE-2020-12376

MEDIUM

CVSS:5.5(Medium)

Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclos...

CWE-7982020

CVE-2020-5667

MEDIUM

CVSS:5.5(Medium)

Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external s...

CWE-7982020

CVE-2024-1661

Vulnerability Description

Related Vulnerabilities

CVE-2018-1650

CVE-2019-16150

CVE-2019-5106

CVE-2020-11723

CVE-2020-12376

CVE-2020-5667