TOTOLINK AC1200 T8 CVE-2024-8574 CGI OS Command Injection

Key Information Vulnerability Name: TOTOLINK AC1200 T8 4.1.5CU.861_B20230220 /CGI-BIN/CSTECGI.CGI SETPARENTALRULES SLAVEIPLIST OS COMMAND INJECTION CVE ID: CVE-2024-8574 CVSS Meta Temp Score: 6.0 Current Vulnerability Price: $0-$5k CTI Interest Score: 2.54 Affected Product: TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 Vulnerability Description: - Affected Function: setParentalRules - Affected File: /cgi-bin/cstecgi.cgi - Affected Parameter: slaveIpList - Vulnerability Type: Command Injection - Scope: Remote - Severity: Critical Impact: - Affected Component: Downstream component - Scope: All or partial - Impact Type: OS Command - Input Source: External input - Result: May modify OS command Impact Scope: Affects confidentiality, integrity, and availability of the file Disclosure: - Discovery Date: 2024 - Disclosure Platform: GitHub - Vulnerability ID: CVE-2024-8574 Exploitation: - Exploitation Difficulty: Easy - Exploitation Method: Remote - Exploitation Tools: Publicly available Remediation: - Fix Status: Unknown - Recommended Fix: Replace affected component References: - VDB-274355 - VDB-274356 - VDB-274357 - VDB-275033 Summary This vulnerability is a command injection flaw affecting the function in the TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 device. Exploiting this vulnerability allows attackers to execute arbitrary commands remotely, posing a severe threat to the confidentiality, integrity, and availability of the system. Affected users are advised to promptly replace the vulnerable component to mitigate the risk.

Goal Reached Thanks to every supporter — we hit 100%!

TOTOLINK AC1200 T8 CVE-2024-8574 CGI OS Command Injection