CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-8573 – TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setParentalRules buffer overflow
https://notcve.org/view.php?id=CVE-2024-8573
08 Sep 2024 — A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/AC1200T8/setParentalRules.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8079 – TOTOLINK AC1200 T8 exportOvpn buffer overflow
https://notcve.org/view.php?id=CVE-2024-8079
22 Aug 2024 — A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. • https://github.com/hawkteam404/RnD_Public/blob/main/TOTOLink_AC1200_T8_OsCmdI_BOF.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8078 – TOTOLINK AC1200 T8 setTracerouteCfg buffer overflow
https://notcve.org/view.php?id=CVE-2024-8078
22 Aug 2024 — A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. • https://github.com/hawkteam404/RnD_Public/blob/main/TOTOLink_AC1200_T8_OsCmdI_BOF.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8077 – TOTOLINK AC1200 T8 setTracerouteCfg os command injection
https://notcve.org/view.php?id=CVE-2024-8077
22 Aug 2024 — A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. • https://github.com/hawkteam404/RnD_Public/blob/main/TOTOLink_AC1200_T8_OsCmdI_BOF.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8076 – TOTOLINK AC1200 T8 setDiagnosisCfg buffer overflow
https://notcve.org/view.php?id=CVE-2024-8076
22 Aug 2024 — A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. • https://github.com/hawkteam404/RnD_Public/blob/main/TOTOLink_AC1200_T8_OsCmdI_BOF.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •