CVE-2024-8575

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published: Sep 8, 2024
Updated: Sep 9, 2024
CWE ID 120

Summary

CVE-2024-8575 is a critical vulnerability affecting the TOTOLINK AC1200 T8 router with firmware version 4.1.5cu.861_B20230220. Improper handling of the argument 'desc' in the setWiFiScheduleCfg function of the CGI script /cgi-bin/cstecgi.cgi allows a buffer overflow. The vulnerability can be exploited remotely, posing significant risks to the confidentiality, integrity, and availability of an organization's data, with a CVSS score of 9.0 indicating high severity. The exposure could allow attackers to gain unauthorized access and manipulate device functionality without user interaction. Remediation steps include updating the firmware to address this issue; however, as of now, the vendor has not responded to disclosures regarding this vulnerability. Organizations using affected devices should prioritize patching and monitor network traffic for potential exploitation attempts.
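One way to approach the traffic monitoring mentioned above, as an added example that is not part of the original advisory or any vendor tooling: a filter over captured HTTP requests that flags calls to the affected handler carrying an unusually long 'desc' value. It assumes JSON request bodies; the "action" key, the 64-byte threshold and the sample records are constructed for illustration.

```python
import json

# Identifiers taken from the advisory text.
CGI_PATH = "/cgi-bin/cstecgi.cgi"
HANDLER = "setWiFiScheduleCfg"
FIELD = "desc"
# Assumption: a site-chosen alert threshold, not the firmware's real buffer size.
MAX_DESC_BYTES = 64

def string_values(node):
    """Yield every string value found anywhere in a decoded JSON document."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for value in (node.values() if isinstance(node, dict) else node):
            yield from string_values(value)

def inspect_request(src, path, body):
    """Return a finding dict for a suspicious request, or None."""
    if path.split("?", 1)[0] != CGI_PATH:
        return None
    try:
        doc = json.loads(body)
    except ValueError:
        # A body that names the handler but does not parse deserves a manual look.
        if HANDLER in body:
            return {"src": src, "reason": "unparsable body names handler", "desc_bytes": None}
        return None
    # The handler name may sit under any key, so search all string values.
    if not isinstance(doc, dict) or HANDLER not in string_values(doc):
        return None
    desc = doc.get(FIELD)
    size = len(desc.encode("utf-8")) if isinstance(desc, str) else 0
    if size > MAX_DESC_BYTES:
        return {"src": src, "reason": "oversized desc", "desc_bytes": size}
    return None

def scan(records):
    """Run inspect_request over (src, path, body) records and keep the findings."""
    return [f for f in (inspect_request(*r) for r in records) if f]

# Constructed sample records; "action" is a placeholder key, addresses are documentation IPs.
SAMPLE = [
    ("192.0.2.10", CGI_PATH, json.dumps({"action": HANDLER, "desc": "weekday schedule"})),
    ("192.0.2.77", CGI_PATH, json.dumps({"action": HANDLER, "desc": "A" * 300})),
    ("192.0.2.78", CGI_PATH, json.dumps({"action": "someOtherHandler", "desc": "A" * 300})),
    ("192.0.2.90", CGI_PATH, '{"action":"setWiFiScheduleCfg","desc":"AAAA'),
]
```

Calling scan(SAMPLE) returns two findings: the oversized request from 192.0.2.77 and the truncated body from 192.0.2.90.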
