OS Command Injection Vulnerability in TOTOLINK AC1200 T8 Router
CVE-2024-8075

9.8CRITICAL

Key Information:

Vendor
Totolink
Status
Ac1200 T8
Vendor
CVE Published:
22 August 2024

Summary

A serious vulnerability has been identified in the TOTOLINK AC1200 T8 router, specifically in its setDiagnosisCfg function. This flaw allows for remote command injection, enabling attackers to execute arbitrary operating system commands through manipulated requests. The potential consequences of this vulnerability are severe, as it could grant unauthorized access to sensitive information and control over the affected device. Despite early communication attempts, the vendor has yet to respond regarding this critical security issue, leaving users at risk. It is crucial for affected users to implement immediate security measures and monitor their devices for suspicious activities.

Affected Version(s)

AC1200 T8 4.1.5cu.862_B20230228

References

https://vuldb.com/?id.275557
vdb-entrytechnical-description
https://vuldb.com/?ctiid.275557
signaturepermissions-required
https://vuldb.com/?submit.390929
third-party-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Collectors

NVD DatabaseMitre Database

Credit

FPT IS Security (VulDB User)
.