CVE-2024-31810

9.8 CRITICAL

📋 TL;DR

This vulnerability involves a hardcoded root password in TOTOLINK EX200 routers, allowing attackers to gain administrative access. Anyone using affected TOTOLINK EX200 routers with the vulnerable firmware version is at risk of complete device compromise.

💻 Affected Systems

Products:
  • TOTOLINK EX200
Versions: V4.0.3c.7646_B20201211
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The hardcoded password is present in the /etc/shadow.sample file, which may be used during system configuration or recovery.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain full root access to the router, enabling them to intercept all network traffic, install persistent malware, pivot to internal networks, and permanently compromise the device.

🟠 Likely Case

Attackers use the known password to gain administrative access, change router settings, intercept sensitive data, and use the router as a foothold for further attacks.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the router itself, though attackers could still intercept traffic passing through the device.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to attackers who can exploit this vulnerability remotely.
🏢 Internal Only: MEDIUM - If the router is not internet-facing but accessible on internal networks, attackers with internal access could still exploit it.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of the hardcoded password and SSH/Telnet access to the router. The GitHub reference provides technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is currently available. Check TOTOLINK's website for firmware updates and security advisories.

🔧 Temporary Workarounds

Change root password (platform: linux)

Manually change the root password to a strong, unique password:

passwd root

Because the hardcoded entry lives in /etc/shadow.sample, which the notes above say may be used during system configuration or recovery, re-check the root entry after any factory reset or firmware recovery to confirm the new password is still in effect.

Disable remote administration (platform: all)

Disable SSH/Telnet access from WAN interfaces.

🧯 If You Can't Patch

  • Isolate affected routers in a separate network segment with strict firewall rules
  • Implement network monitoring to detect unauthorized access attempts to router administration interfaces

🔍 How to Verify

Check if Vulnerable:

Check whether /etc/shadow.sample contains a root entry with a populated password hash field (the second colon-separated field). Use: grep '^root:' /etc/shadow.sample
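As an added check that is not part of this advisory, the following POSIX sh helper classifies the root entry of a shadow-format file (such as /etc/shadow.sample) as locked, empty, or carrying a real hash, rather than just grepping for the word root; check_root_hash is a hypothetical name and the sample entries used in its comments are constructed.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify the root entry in a
# shadow-format file so a defender can tell "locked", "empty" and
# "hash present" apart. Needs only grep and awk (present in BusyBox).
#
# Exit status: 0 = root has a stored password hash (the condition this
# CVE describes), 1 = root absent or locked, 2 = file unreadable,
# 3 = root present with an empty password field (no password required).
check_root_hash() {
    file="$1"
    if [ ! -r "$file" ]; then
        echo "cannot read $file"
        return 2
    fi
    # shadow format: name:hash:lastchange:min:max:warn:inactive:expire:reserved
    # e.g. (constructed) root:$1$salt$hash:18000:0:99999:7:::
    if ! grep -q '^root:' "$file"; then
        echo "no root entry in $file"
        return 1
    fi
    pw_field=$(awk -F: '$1 == "root" { print $2; exit }' "$file")
    case "$pw_field" in
        "")
            echo "root present with empty password field"
            return 3 ;;
        "*" | "!" | "!!" | "!*" | "*LK*" | "!"*)
            # lock markers: a bare * or a leading ! is never a usable hash
            echo "root entry is locked"
            return 1 ;;
        *)
            # anything else is a stored hash; the value itself is not printed
            echo "root has a stored password hash in $file"
            return 0 ;;
    esac
}

# Usage on the device: sh this_script.sh /etc/shadow.sample
if [ $# -gt 0 ]; then
    check_root_hash "$1"
fi
```

A non-zero exit status of 1 after changing the password is not expected: passwd root rewrites /etc/shadow, not the sample file, so the sample should still be reported as carrying a hash until the vendor removes it.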

Check Version:

Check the firmware version in the router web interface, or use: cat /proc/version (note that this reports the kernel build string, so prefer the version shown in the web interface when matching against V4.0.3c.7646_B20201211).

Verify Fix Applied:

Verify the root password has been changed by attempting to log in with the old password (should fail) and with the new password (should succeed if correct).

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful root login
  • SSH/Telnet connections from unexpected sources to router

Network Indicators:

  • Unusual outbound connections from router
  • Traffic patterns indicating router compromise

SIEM Query:

source="router_logs" (event="authentication success" AND user="root") OR (event="ssh connection" AND dest_ip="router_ip")

🔗 References