CVE advisoryCRITICAL
CVE-2024-35396
TOTOLINK CP900L Hardcoded Password Allows Root Login
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
A hardcoded password in TOTOLINK CP900L devices allows unauthorized root access via telnet. If reachable, attackers could gain full control, potentially leading to system compromise and data exposure. Verification of device exposure and relevance is advised.