Exploit
CVE-2024-8077

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Published: Aug 22, 2024 / Updated: 2mo ago

CVSS 5.3 / EPSS 0.05% / Medium

Summary

A critical vulnerability has been discovered in the TOTOLINK AC1200 T8 router, specifically in version 4.1.5cu.862_B20230228. This vulnerability affects the setTracerouteCfg function and allows for OS command injection. The attack can be initiated remotely and does not require user interaction or special privileges.

Impact

This vulnerability has a severe impact potential. Successfully exploiting this flaw could lead to full system compromise, allowing an attacker to execute arbitrary commands on the affected device. This could result in:

1. Unauthorized access to sensitive information
2. Modification or destruction of data
3. Disruption of network services
4. Use of the compromised device as a pivot point for further attacks on the network

The CVSS v3.1 base score of 9.8 (Critical) indicates that this vulnerability has high impact on confidentiality, integrity, and availability of the system.

Exploitation

One proof-of-concept exploit is available on github.com. There is no evidence of exploitation at the moment.

Patch

As of the latest information provided, there is no mention of an available patch for this vulnerability. The vendor (TOTOLINK) was contacted about this disclosure but did not respond, which suggests that a patch may not be currently available.

Mitigation

Given the severity of this vulnerability and the lack of a vendor-provided patch, the following mitigation steps are recommended:

1. Immediately isolate affected TOTOLINK AC1200 T8 routers from the internet and restrict their access to trusted networks only.
2. If possible, replace the vulnerable devices with alternative, secure networking equipment.
3. If replacement is not immediately feasible, implement strong network segmentation to limit the potential impact of a compromised device.
4. Regularly monitor logs and network traffic for any suspicious activities that might indicate exploitation attempts.
5. Keep an eye on the vendor's website and security bulletins for any future patches or updates.
6. Consider implementing additional network security measures such as intrusion detection/prevention systems (IDS/IPS) to detect and block potential exploitation attempts.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

First Article

Feedly found the first article mentioning CVE-2024-8077.

Aug 22, 2024 at 8:10 PM / Vulnerability Database

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Aug 22, 2024 at 8:11 PM

CVSS

A CVSS base score of 9.8 has been assigned.

Aug 29, 2024 at 10:00 PM / nvd

Proof of Concept (PoC) Released

A proof of concept exploit has been released

Aug 29, 2024 at 11:10 PM

CVSS

A CVSS base score of 9.8 has been assigned.

Oct 28, 2024 at 9:22 PM / nvd

Affected Systems

Totolink/t8_firmware

Exploits

https://github.com/hawkteam404/RnD_Public/blob/main/TOTOLink_AC1200_T8_OsCmdI_BOF.md

Attack Patterns

CAPEC-108: Command Line Execution through SQL Injection

News

CVE-2024-8077 Exploit

CVE Id : CVE-2024-8077 Published Date: 2024-08-29T21:59:00+00:00 A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. inTheWild added a link to an exploit:

CVE-2024-8077

Medium Severity Description A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Read more at https://www.tenable.com/cve/CVE-2024-8077

NA - CVE-2024-8077 - A vulnerability was found in TOTOLINK AC1200 T8...

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command...

CVE-2024-8077 - "TOTOLINK AC1200 T8 Remote OS Command Injection Vulnerability"

CVE ID : CVE-2024-8077 Published : Aug. 22, 2024, 8:15 p.m. Description : A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection.

CVE-2024-8077

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
