CVE-2024-8077

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Aug 22, 2024
Updated: Aug 23, 2024
CWE ID 78

Summary

CVE-2024-8077 is a critical vulnerability affecting the TOTOLINK AC1200 T8 version 4.1.5cu.862_B20230228, which permits remote command injection via the function setTracerouteCfg. This vulnerability arises from improper neutralization of special elements used in an operating system command, classified under CWE-78. The risk associated with this vulnerability includes potential unauthorized remote access and manipulation of the affected device, which could compromise organizational integrity and confidentiality. To remediate this issue, organizations should apply any available patches from the vendor or consider disabling the affected functionality until a fix is issued. Notably, attempts to notify the vendor about this vulnerability have gone unanswered.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share