CVE-2024-8579

A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setWiFiRepeaterCfg.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.276813 Permissions Required
https://vuldb.com/?id.276813 Permissions Required Third Party Advisory
https://vuldb.com/?submit.401292 Third Party Advisory VDB Entry
https://www.totolink.net/ Product
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:totolink:t8_firmware:4.1.5cu.861_b20230220:*:*:*:*:*:*:*
cpe:2.3:h:totolink:t8:-:*:*:*:*:*:*:*

History

10 Sep 2024, 15:47

Type Values Removed Values Added
CPE cpe:2.3:h:totolink:t8:-:*:*:*:*:*:*:*
cpe:2.3:o:totolink:t8_firmware:4.1.5cu.861_b20230220:*:*:*:*:*:*:*
First Time Totolink t8
Totolink
Totolink t8 Firmware
CVSS v2 : 9.0
v3 : 8.8
v2 : 9.0
v3 : 9.8
References () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setWiFiRepeaterCfg.md - () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setWiFiRepeaterCfg.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.276813 - () https://vuldb.com/?ctiid.276813 - Permissions Required
References () https://vuldb.com/?id.276813 - () https://vuldb.com/?id.276813 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?submit.401292 - () https://vuldb.com/?submit.401292 - Third Party Advisory, VDB Entry
References () https://www.totolink.net/ - () https://www.totolink.net/ - Product

09 Sep 2024, 13:03

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como crítica en TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. Afecta a la función setWiFiRepeaterCfg del archivo /cgi-bin/cstecgi.cgi. La manipulación del argumento password provoca un desbordamiento del búfer. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse. Se contactó primeramente con el proveedor sobre esta revelación, pero no respondió de ninguna manera.

08 Sep 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-08 20:15

Updated : 2024-09-10 15:47


NVD link : CVE-2024-8579

Mitre link : CVE-2024-8579

CVE.ORG link : CVE-2024-8579


JSON object : View

Products Affected

totolink

  • t8_firmware
  • t8
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')