Search criteria
6 vulnerabilities found for AC1200 T10 by TOTOLINK
CVE-2024-8577 (GCVE-0-2024-8577)
Vulnerability from cvelistv5 – Published: 2024-09-08 18:31 – Updated: 2024-09-10 14:59
VLAI?
Title
TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setStaticDhcpRules buffer overflow
Summary
A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TOTOLINK | AC1200 T8 |
Affected:
4.1.5cu.861_B20230220
Affected: 4.1.8cu.5207 |
|||||||
|
|||||||||
Credits
yhryhryhr_tu (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:totolink:ac1200_t8_firmware:4.1.5cu.861_b20230220:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1200_t8_firmware",
"vendor": "totolink",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_b20230220"
}
]
},
{
"cpes": [
"cpe:2.3:o:totolink:ac1200_t10_firmware:4.1.5cu.861_b20230220:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1200_t10_firmware",
"vendor": "totolink",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_b20230220"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8577",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T14:58:24.863420Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:59:09.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC1200 T8",
"vendor": "TOTOLINK",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_B20230220"
},
{
"status": "affected",
"version": "4.1.8cu.5207"
}
]
},
{
"product": "AC1200 T10",
"vendor": "TOTOLINK",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_B20230220"
},
{
"status": "affected",
"version": "4.1.8cu.5207"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_tu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207 wurde eine kritische Schwachstelle ausgemacht. Das betrifft die Funktion setStaticDhcpRules der Datei /cgi-bin/cstecgi.cgi. Durch das Manipulieren des Arguments desc mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-08T18:31:05.815Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-276811 | TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setStaticDhcpRules buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.276811"
},
{
"name": "VDB-276811 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.276811"
},
{
"name": "Submit #401265 | TOTOLINK AC1200 T8 V4.1.5cu.861_B20230220 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.401265"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setStaticDhcpRules.md"
},
{
"tags": [
"product"
],
"url": "https://www.totolink.net/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-09-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-09-07T19:20:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setStaticDhcpRules buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8577",
"datePublished": "2024-09-08T18:31:05.815Z",
"dateReserved": "2024-09-07T17:15:39.416Z",
"dateUpdated": "2024-09-10T14:59:09.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8576 (GCVE-0-2024-8576)
Vulnerability from cvelistv5 – Published: 2024-09-08 18:00 – Updated: 2024-09-10 14:57
VLAI?
Title
TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setIpPortFilterRules buffer overflow
Summary
A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TOTOLINK | AC1200 T8 |
Affected:
4.1.5cu.861_B20230220
Affected: 4.1.8cu.5207 |
|||||||
|
|||||||||
Credits
yhryhryhr_tu (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:totolink:ac1200_t8_firmware:4.1.5cu.861_b20230220:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1200_t8_firmware",
"vendor": "totolink",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_b20230220"
}
]
},
{
"cpes": [
"cpe:2.3:o:totolink:ac1200_t10_firmware:4.1.5cu.861_b20230220:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1200_t10_firmware",
"vendor": "totolink",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_b20230220"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8576",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T14:56:55.022823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:57:56.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC1200 T8",
"vendor": "TOTOLINK",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_B20230220"
},
{
"status": "affected",
"version": "4.1.8cu.5207"
}
]
},
{
"product": "AC1200 T10",
"vendor": "TOTOLINK",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_B20230220"
},
{
"status": "affected",
"version": "4.1.8cu.5207"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_tu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207 ausgemacht. Es betrifft die Funktion setIpPortFilterRules der Datei /cgi-bin/cstecgi.cgi. Mittels Manipulieren des Arguments desc mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-08T18:00:06.899Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-276810 | TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setIpPortFilterRules buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.276810"
},
{
"name": "VDB-276810 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.276810"
},
{
"name": "Submit #401264 | TOTOLINK AC1200 T8 V4.1.5cu.861_B20230220 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.401264"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setIpPortFilterRules.md"
},
{
"tags": [
"product"
],
"url": "https://www.totolink.net/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-09-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-09-07T19:20:41.000Z",
"value": "VulDB entry last update"
}
],
"title": "TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setIpPortFilterRules buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8576",
"datePublished": "2024-09-08T18:00:06.899Z",
"dateReserved": "2024-09-07T17:15:34.635Z",
"dateUpdated": "2024-09-10T14:57:56.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8573 (GCVE-0-2024-8573)
Vulnerability from cvelistv5 – Published: 2024-09-08 10:00 – Updated: 2025-03-03 18:05
VLAI?
Title
TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setParentalRules buffer overflow
Summary
A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc/week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TOTOLINK | AC1200 T8 |
Affected:
4.1.5cu.861_B20230220
Affected: 4.1.8cu.5207 |
|||||||
|
|||||||||
Credits
noahze (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:totolink:ac1200_t8_firmware:4.1.5cu.861_b20230220:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1200_t8_firmware",
"vendor": "totolink",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_b20230220"
}
]
},
{
"cpes": [
"cpe:2.3:o:totolink:ac1200_t10_firmware:4.1.5cu.861_b20230220:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1200_t10_firmware",
"vendor": "totolink",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_b20230220"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8573",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T14:37:53.458106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:41:22.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC1200 T8",
"vendor": "TOTOLINK",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_B20230220"
},
{
"status": "affected",
"version": "4.1.8cu.5207"
}
]
},
{
"product": "AC1200 T10",
"vendor": "TOTOLINK",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_B20230220"
},
{
"status": "affected",
"version": "4.1.8cu.5207"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "noahze (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc/week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207 gefunden. Es geht dabei um die Funktion setParentalRules der Datei /cgi-bin/cstecgi.cgi. Durch die Manipulation des Arguments desc/week/sTime/eTime mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T18:05:09.848Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-276807 | TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setParentalRules buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.276807"
},
{
"name": "VDB-276807 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.276807"
},
{
"name": "Submit #401262 | TOTOLINK AC1200 T8 V4.1.5cu.861_B20230220 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.401262"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/AC1200T8/setParentalRules.md"
},
{
"tags": [
"product"
],
"url": "https://www.totolink.net/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-09-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-03T19:10:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setParentalRules buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8573",
"datePublished": "2024-09-08T10:00:06.219Z",
"dateReserved": "2024-09-07T17:15:07.117Z",
"dateUpdated": "2025-03-03T18:05:09.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8577 (GCVE-0-2024-8577)
Vulnerability from nvd – Published: 2024-09-08 18:31 – Updated: 2024-09-10 14:59
VLAI?
Title
TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setStaticDhcpRules buffer overflow
Summary
A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TOTOLINK | AC1200 T8 |
Affected:
4.1.5cu.861_B20230220
Affected: 4.1.8cu.5207 |
|||||||
|
|||||||||
Credits
yhryhryhr_tu (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:totolink:ac1200_t8_firmware:4.1.5cu.861_b20230220:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1200_t8_firmware",
"vendor": "totolink",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_b20230220"
}
]
},
{
"cpes": [
"cpe:2.3:o:totolink:ac1200_t10_firmware:4.1.5cu.861_b20230220:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1200_t10_firmware",
"vendor": "totolink",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_b20230220"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8577",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T14:58:24.863420Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:59:09.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC1200 T8",
"vendor": "TOTOLINK",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_B20230220"
},
{
"status": "affected",
"version": "4.1.8cu.5207"
}
]
},
{
"product": "AC1200 T10",
"vendor": "TOTOLINK",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_B20230220"
},
{
"status": "affected",
"version": "4.1.8cu.5207"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_tu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207 wurde eine kritische Schwachstelle ausgemacht. Das betrifft die Funktion setStaticDhcpRules der Datei /cgi-bin/cstecgi.cgi. Durch das Manipulieren des Arguments desc mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-08T18:31:05.815Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-276811 | TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setStaticDhcpRules buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.276811"
},
{
"name": "VDB-276811 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.276811"
},
{
"name": "Submit #401265 | TOTOLINK AC1200 T8 V4.1.5cu.861_B20230220 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.401265"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setStaticDhcpRules.md"
},
{
"tags": [
"product"
],
"url": "https://www.totolink.net/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-09-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-09-07T19:20:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setStaticDhcpRules buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8577",
"datePublished": "2024-09-08T18:31:05.815Z",
"dateReserved": "2024-09-07T17:15:39.416Z",
"dateUpdated": "2024-09-10T14:59:09.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8576 (GCVE-0-2024-8576)
Vulnerability from nvd – Published: 2024-09-08 18:00 – Updated: 2024-09-10 14:57
VLAI?
Title
TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setIpPortFilterRules buffer overflow
Summary
A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TOTOLINK | AC1200 T8 |
Affected:
4.1.5cu.861_B20230220
Affected: 4.1.8cu.5207 |
|||||||
|
|||||||||
Credits
yhryhryhr_tu (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:totolink:ac1200_t8_firmware:4.1.5cu.861_b20230220:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1200_t8_firmware",
"vendor": "totolink",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_b20230220"
}
]
},
{
"cpes": [
"cpe:2.3:o:totolink:ac1200_t10_firmware:4.1.5cu.861_b20230220:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1200_t10_firmware",
"vendor": "totolink",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_b20230220"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8576",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T14:56:55.022823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:57:56.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC1200 T8",
"vendor": "TOTOLINK",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_B20230220"
},
{
"status": "affected",
"version": "4.1.8cu.5207"
}
]
},
{
"product": "AC1200 T10",
"vendor": "TOTOLINK",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_B20230220"
},
{
"status": "affected",
"version": "4.1.8cu.5207"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_tu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207 ausgemacht. Es betrifft die Funktion setIpPortFilterRules der Datei /cgi-bin/cstecgi.cgi. Mittels Manipulieren des Arguments desc mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-08T18:00:06.899Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-276810 | TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setIpPortFilterRules buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.276810"
},
{
"name": "VDB-276810 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.276810"
},
{
"name": "Submit #401264 | TOTOLINK AC1200 T8 V4.1.5cu.861_B20230220 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.401264"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setIpPortFilterRules.md"
},
{
"tags": [
"product"
],
"url": "https://www.totolink.net/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-09-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-09-07T19:20:41.000Z",
"value": "VulDB entry last update"
}
],
"title": "TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setIpPortFilterRules buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8576",
"datePublished": "2024-09-08T18:00:06.899Z",
"dateReserved": "2024-09-07T17:15:34.635Z",
"dateUpdated": "2024-09-10T14:57:56.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8573 (GCVE-0-2024-8573)
Vulnerability from nvd – Published: 2024-09-08 10:00 – Updated: 2025-03-03 18:05
VLAI?
Title
TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setParentalRules buffer overflow
Summary
A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc/week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TOTOLINK | AC1200 T8 |
Affected:
4.1.5cu.861_B20230220
Affected: 4.1.8cu.5207 |
|||||||
|
|||||||||
Credits
noahze (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:totolink:ac1200_t8_firmware:4.1.5cu.861_b20230220:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1200_t8_firmware",
"vendor": "totolink",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_b20230220"
}
]
},
{
"cpes": [
"cpe:2.3:o:totolink:ac1200_t10_firmware:4.1.5cu.861_b20230220:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1200_t10_firmware",
"vendor": "totolink",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_b20230220"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8573",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T14:37:53.458106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:41:22.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC1200 T8",
"vendor": "TOTOLINK",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_B20230220"
},
{
"status": "affected",
"version": "4.1.8cu.5207"
}
]
},
{
"product": "AC1200 T10",
"vendor": "TOTOLINK",
"versions": [
{
"status": "affected",
"version": "4.1.5cu.861_B20230220"
},
{
"status": "affected",
"version": "4.1.8cu.5207"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "noahze (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc/week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207 gefunden. Es geht dabei um die Funktion setParentalRules der Datei /cgi-bin/cstecgi.cgi. Durch die Manipulation des Arguments desc/week/sTime/eTime mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T18:05:09.848Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-276807 | TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setParentalRules buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.276807"
},
{
"name": "VDB-276807 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.276807"
},
{
"name": "Submit #401262 | TOTOLINK AC1200 T8 V4.1.5cu.861_B20230220 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.401262"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/AC1200T8/setParentalRules.md"
},
{
"tags": [
"product"
],
"url": "https://www.totolink.net/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-09-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-03T19:10:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setParentalRules buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8573",
"datePublished": "2024-09-08T10:00:06.219Z",
"dateReserved": "2024-09-07T17:15:07.117Z",
"dateUpdated": "2025-03-03T18:05:09.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}