A vulnerability, which was classified as very critical, has been found in Totolink CP900L 4.1.5cu.798_B20221228. This issue affects some unknown processing of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password.

The identification of this vulnerability is CVE-2024-35395. The attack may be initiated remotely. There is no exploit available.

It is recommended to apply restrictive firewalling.