Remote Code Execution Vulnerability in TOTOLINK AC1200 T8 Router
CVE-2024-8077
Summary
A recently identified vulnerability in the TOTOLINK AC1200 T8 router, occurring in version 4.1.5cu.862_B20230228, has been classified as a critical security risk. The vulnerability resides in the setTracerouteCfg function, which is susceptible to OS command injection. Attackers can exploit this flaw to execute arbitrary commands on the device remotely, leading to potential unauthorized access and control over the router’s operations. Efforts to inform the vendor of this security flaw have gone unanswered, raising further concerns about the device's overall security posture. Users of this product are strongly advised to apply necessary mitigations to protect their network from potential exploit scenarios.
References
EPSS Score
7% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published