OS Command Injection Vulnerability in TOTOLINK AC1200 T8 Router
CVE-2024-8075

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: Ac1200 T8
Vendor: CVE Published:; 22 August 2024

What is CVE-2024-8075?

A serious vulnerability has been identified in the TOTOLINK AC1200 T8 router, specifically in its setDiagnosisCfg function. This flaw allows for remote command injection, enabling attackers to execute arbitrary operating system commands through manipulated requests. The potential consequences of this vulnerability are severe, as it could grant unauthorized access to sensitive information and control over the affected device. Despite early communication attempts, the vendor has yet to respond regarding this critical security issue, leaving users at risk. It is crucial for affected users to implement immediate security measures and monitor their devices for suspicious activities.

Affected Version(s)

AC1200 T8 4.1.5cu.862_B20230228

References

https://vuldb.com/?id.275557

vdb-entrytechnical-description

https://vuldb.com/?ctiid.275557

signaturepermissions-required

https://vuldb.com/?submit.390929

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2024

Credit

FPT IS Security (VulDB User)

Totolink

What is CVE-2024-8075?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit