Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-8162

A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published

2024-08-26T13:15:06.117

Last Modified

2024-08-27T14:28:46.927

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-798

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	totolink	t10_firmware	4.1.8cu.5207	Yes
Hardware	totolink	t10	-	No

References

https://github.com/rohitburke/TOTOLINK Exploit, Third Party Advisory ([email protected])
https://vuldb.com/?ctiid.275760 Permissions Required ([email protected])
https://vuldb.com/?id.275760 Permissions Required, Third Party Advisory ([email protected])
https://vuldb.com/?submit.392015 Third Party Advisory, VDB Entry ([email protected])
https://www.totolink.net/ Product ([email protected])