CVE-2024-8162

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 26, 2024
Updated: Aug 27, 2024
CWE ID 798

Summary

CVE-2024-8162 is a critical vulnerability in TOTOLINK T10 AC1200 firmware version 4.1.8cu.5207. It affects the Telnet service and is caused by hard-coded credentials in the file /squashfs-root/web_cste/cgi-bin/product.ini. Remote attackers can exploit it without authentication, which poses a significant risk to the confidentiality, integrity, and availability of affected systems. To remediate this issue, organizations should apply any available firmware updates from TOTOLINK or implement network-level access controls to restrict exposure to the Telnet service. The exploit has been publicly disclosed, which increases the urgency for organizations using affected products to address this vulnerability promptly. Failure to do so may lead to unauthorized access and potential compromise of sensitive information within their networks.
