Buffer Overflow Vulnerability in TOTOLINK AC1200 T8 and T10 Products
CVE-2024-8576

8.8HIGH

Key Information:

Vendor: Totolink
Status: Ac1200 T8; Ac1200 T10
Vendor: CVE Published:; 8 September 2024

Badges

👾 Exploit Exists

What is CVE-2024-8576?

A significant buffer overflow vulnerability has been identified in the TOTOLINK AC1200 T8 and AC1200 T10 routers, specifically in the setIpPortFilterRules function located within the cgi-bin/cstecgi.cgi file. This vulnerability enables an attacker to manipulate the 'desc' parameter, potentially leading to code execution via a remote attack. The exploit has been publicly disclosed, and even though the vendor was notified prior to the disclosure, no response was received. Users of these routers are advised to take immediate action to secure their devices.

Affected Version(s)

AC1200 T10 4.1.5cu.861_B20230220

AC1200 T10 4.1.8cu.5207

AC1200 T8 4.1.5cu.861_B20230220

References

https://vuldb.com/?id.276810

vdb-entrytechnical-description

https://vuldb.com/?ctiid.276810

signaturepermissions-required

https://vuldb.com/?submit.401264

third-party-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Sep 8, 2024
Vulnerability published
Sep 8, 2024
Vulnerability Reserved
Sep 7, 2024

Credit

yhryhryhr_tu (VulDB User)

Totolink

Badges

What is CVE-2024-8576?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit