Remote Code Execution Vulnerability in TOTOLINK AC1200 T8 Router
CVE-2024-8077

9.8CRITICAL

Key Information:

Vendor: TOTOLINK
Status: T8 Firmware
Vendor: CVE Published:; 22 August 2024

Summary

A recently identified vulnerability in the TOTOLINK AC1200 T8 router, occurring in version 4.1.5cu.862_B20230228, has been classified as a critical security risk. The vulnerability resides in the setTracerouteCfg function, which is susceptible to OS command injection. Attackers can exploit this flaw to execute arbitrary commands on the device remotely, leading to potential unauthorized access and control over the router’s operations. Efforts to inform the vendor of this security flaw have gone unanswered, raising further concerns about the device's overall security posture. Users of this product are strongly advised to apply necessary mitigations to protect their network from potential exploit scenarios.

References

https://vuldb.com/?id.275559

https://vuldb.com/?ctiid.275559

https://github.com/hawkteam404/RnD_Public/blob/main/TOTOL...

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 22, 2024