An attacker may leverage this vulnerability to take control of an affected device.

TOTOLINK-720R v4.1.5cu.374 was also discovered to contain several high severity security vulnerabilities. It is recommended that users update the firmware on their TOTOLINK-720R v4.1.5cu.374 devices as soon as possible.

Reaver v3.3.6

Reaver is a tool that can recover WPA/WPA2 access points, even when the AP doesn't broadcast its SSID.

Summary

TOTOLINK-720R v4.1.5cu.374 is a NAS device that contains high severity security vulnerabilities that may allow an attacker to take control of the device. It is recommended that users update the firmware on their TOTOLINK-720R v4.1.5cu.374 devices as soon as possible to ensure their safety.

Thumbprint Algorithm Security (TSA) vulnerability

The TOTOLINK-720R v4.1.5cu.374 device is prone to a security vulnerability that could allow an attacker to take control of the device by leveraging the Thumbprint Algorithm Security (TSA) vulnerability. This security vulnerability affects the authentication process and enables a malicious user to impersonate any authorized user.

This vulnerability occurs when a legitimate user's thumbprint is used in place of their password, which is then sent to a third party service that validates the fingerprint before allowing access to the device or network. This can be exploited in several different ways including:

A malicious user may obtain a legitimate user's thumbprint via a phishing attack and then use it to impersonate them against other services like Google or Microsoft accounts, as well as to access other devices on their network, like NAS systems or routers, for further exploitation.

The TOTOLINK-720R v4.1.5cu.374 was discovered to contain several high severity security vulnerabilities, including one that could be used by an attacker to take control of the device.
Device users are encouraged to update their firmware as soon as possible, though this may not solve all of the issues present in the current firmware.

Timeline

Published on: 09/15/2022 18:15:00 UTC
Last modified on: 09/20/2022 12:56:00 UTC

References