CVE-2024-8578

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as critical. Affected by this issue is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument device_name leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:totolink:t8_firmware:4.1.5cu.861_b20230220:*:*:*:*:*:*:*
cpe:2.3:h:totolink:t8:-:*:*:*:*:*:*:*

History

09 Sep 2024, 18:46

Type Values Removed Values Added
First Time Totolink
Totolink t8
Totolink t8 Firmware
CPE cpe:2.3:o:totolink:t8_firmware:4.1.5cu.861_b20230220:*:*:*:*:*:*:*
cpe:2.3:h:totolink:t8:-:*:*:*:*:*:*:*
References () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setWiFiMeshName.md - () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setWiFiMeshName.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.276812 - () https://vuldb.com/?ctiid.276812 - Permissions Required
References () https://vuldb.com/?id.276812 - () https://vuldb.com/?id.276812 - Third Party Advisory
References () https://vuldb.com/?submit.401290 - () https://vuldb.com/?submit.401290 - Third Party Advisory
References () https://www.totolink.net/ - () https://www.totolink.net/ - Product

09 Sep 2024, 13:03

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad en TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. Se ha calificado como crítica. Este problema afecta a la función setWiFiMeshName del archivo /cgi-bin/cstecgi.cgi. La manipulación del argumento device_name provoca un desbordamiento del búfer. El ataque puede ejecutarse de forma remota. El exploit se ha hecho público y puede utilizarse. Se contactó primeramente con el proveedor sobre esta revelación, pero no respondió de ninguna manera.

08 Sep 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-08 19:15

Updated : 2024-09-09 18:46


NVD link : CVE-2024-8578

Mitre link : CVE-2024-8578

CVE.ORG link : CVE-2024-8578


JSON object : View

Products Affected

totolink

  • t8_firmware
  • t8
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')