ID

VAR-202408-2302


CVE

CVE-2024-8078


TITLE

Classic buffer overflow vulnerability in TOTOLINK T8 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-007106

DESCRIPTION

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK T8 firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK AC1200 T8 is a dual-band full-gigabit router from China's TOTOLINK Electronics. The vulnerability is caused by the setTracerouteCfg method failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2024-8078 // JVNDB: JVNDB-2024-007106 // CNVD: CNVD-2025-08338

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-08338

AFFECTED PRODUCTS

vendor: totolink, model: t8, scope: eq, version: 4.1.5cu.862_b20230228

Trust: 1.0

vendor: totolink, model: t8, scope: -, version: -

Trust: 0.8

vendor: totolink, model: t8, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: t8, scope: eq, version: t8 firmware 4.1.5cu.862 b20230228

Trust: 0.8

vendor: totolink, model: ac1200 t8 4.1.5cu.862 b20230228, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-08338 // JVNDB: JVNDB-2024-007106 // NVD: CVE-2024-8078

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-8078
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-8078
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-007106
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-08338
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2024-8078
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-007106
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-08338
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-8078
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-8078
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2024-007106
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-08338 // JVNDB: JVNDB-2024-007106 // NVD: CVE-2024-8078 // NVD: CVE-2024-8078

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

problemtype: Classic buffer overflow (CWE-120) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-007106 // NVD: CVE-2024-8078

PATCH

title: Patch for TOTOLINK AC1200 T8 Buffer Overflow Vulnerability (CNVD-2025-08338)
url: https://www.cnvd.org.cn/patchInfo/show/682276

Trust: 0.6

sources: CNVD: CNVD-2025-08338

EXTERNAL IDS

db: NVD, id: CVE-2024-8078

Trust: 3.2

db: VULDB, id: 275560

Trust: 1.8

db: JVNDB, id: JVNDB-2024-007106

Trust: 0.8

db: CNVD, id: CNVD-2025-08338

Trust: 0.6

sources: CNVD: CNVD-2025-08338 // JVNDB: JVNDB-2024-007106 // NVD: CVE-2024-8078

REFERENCES

url:https://github.com/hawkteam404/rnd_public/blob/main/totolink_ac1200_t8_oscmdi_bof.md

Trust: 1.8

url:https://vuldb.com/?id.275560

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-8078

Trust: 1.4

url:https://vuldb.com/?ctiid.275560

Trust: 1.0

sources: CNVD: CNVD-2025-08338 // JVNDB: JVNDB-2024-007106 // NVD: CVE-2024-8078

SOURCES

db: CNVD, id: CNVD-2025-08338
db: JVNDB, id: JVNDB-2024-007106
db: NVD, id: CVE-2024-8078

LAST UPDATE DATE

2025-04-26T22:39:47.443000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-08338, date: 2025-04-25T00:00:00
db: JVNDB, id: JVNDB-2024-007106, date: 2024-09-03T03:34:00
db: NVD, id: CVE-2024-8078, date: 2024-12-13T14:51:05.847

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-08338, date: 2025-04-22T00:00:00
db: JVNDB, id: JVNDB-2024-007106, date: 2024-09-03T00:00:00
db: NVD, id: CVE-2024-8078, date: 2024-08-22T21:15:17.603