CVE-2024-8573

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 8, 2024
Updated: Sep 10, 2024
CWE ID 120

Summary

CVE-2024-8573 is a critical vulnerability affecting TOTOLINK AC1200 T8 and AC1200 T10 routers running firmware versions 4.1.5cu.861_B20230220 and 4.1.8cu.5207. The flaw is in the setParentalRules function of the cgi-bin/cstecgi.cgi file: manipulating the 'desc' argument causes a buffer overflow, which remote attackers can exploit without user interaction. The potential impact includes high risks to the confidentiality, integrity, and availability of affected systems, with a CVSS score of 9.0 indicating severe implications for organizations using these products. To remediate the issue, affected users should update their firmware to patched versions as soon as they become available, or implement firewall rules to restrict access until updates can be applied. The vendor has not responded to disclosures regarding this vulnerability, raising concerns about its responsiveness in addressing security issues.
