Command Injection Vulnerability in TOTOLINK AC1200 T8 Router
CVE-2024-8574
8.8HIGH
Key Information:
Badges
👾 Exploit Exists
What is CVE-2024-8574?
A critical command injection vulnerability has been identified in the TOTOLINK AC1200 T8 router that enables attackers to exploit the 'setParentalRules' function located in the /cgi-bin/cstecgi.cgi file. By manipulating the 'slaveIpList' argument, remote attackers can execute arbitrary operating system commands without the need for authentication. The vulnerability has been publicly disclosed, and despite early contact with the vendor, no response was received. This exploit poses a significant risk to users and requires immediate action to mitigate potential threats.
Affected Version(s)
AC1200 T8 4.1.5cu.861_B20230220
References
EPSS Score
6% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
yhryhryhr_tu (VulDB User)