CVE-2024-8077 – TOTOLINK AC1200 T8 setTracerouteCfg os command injection
https://notcve.org/view.php?id=CVE-2024-8077
22 Aug 2024 — A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to OS command injection. It is possible to initiate the attack remotely. • https://github.com/hawkteam404/RnD_Public/blob/main/TOTOLink_AC1200_T8_OsCmdI_BOF.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8076 – TOTOLINK AC1200 T8 setDiagnosisCfg buffer overflow
https://notcve.org/view.php?id=CVE-2024-8076
22 Aug 2024 — A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. • https://github.com/hawkteam404/RnD_Public/blob/main/TOTOLink_AC1200_T8_OsCmdI_BOF.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')