Details of VAR-202409-0159

ID

VAR-202409-0159

CVE

CVE-2024-8573

TITLE

TOTOLINK of T8 firmware and t10 Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-007740

DESCRIPTION

A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc/week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of T8 firmware and t10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the desc parameter not being properly length-validated. An attacker can exploit this vulnerability to execute arbitrary code or cause the device to crash

Trust: 2.16

sources: NVD: CVE-2024-8573 // JVNDB: JVNDB-2024-007740 // CNVD: CNVD-2025-09867

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-09867

AFFECTED PRODUCTS

vendor:	totolink	model:	t10	scope:	eq	version:	4.1.8cu.5207	Trust: 1.0
vendor:	totolink	model:	t8	scope:	eq	version:	4.1.5cu.861_b20230220	Trust: 1.0
vendor:	totolink	model:	t10	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	t8	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	ac1200 t8 4.1.5cu.861 b20230220	scope:	-	version:	-	Trust: 0.6
vendor:	totolink	model:	ac1200 t10 4.1.8cu.5207	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-09867 // JVNDB: JVNDB-2024-007740 // NVD: CVE-2024-8573

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-8573
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-8573
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-007740
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-09867
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2024-8573
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2024-007740
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-09867
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-8573
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	JVNDB-2024-007740
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-09867 // JVNDB: JVNDB-2024-007740 // NVD: CVE-2024-8573 // NVD: CVE-2024-8573

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-007740 // NVD: CVE-2024-8573

PATCH

title:

Patch for TOTOLINK AC1200 T8 and AC1200 T10 cstecgi.cgi file setParentalRules function buffer overflow vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/687766

Trust: 0.6

sources: CNVD: CNVD-2025-09867

EXTERNAL IDS

db:	NVD	id:	CVE-2024-8573	Trust: 3.2
db:	VULDB	id:	276807	Trust: 1.8
db:	JVNDB	id:	JVNDB-2024-007740	Trust: 0.8
db:	CNVD	id:	CNVD-2025-09867	Trust: 0.6

sources: CNVD: CNVD-2025-09867 // JVNDB: JVNDB-2024-007740 // NVD: CVE-2024-8573

REFERENCES

url:	https://github.com/noahze01/iot-vulnerable/blob/main/totolink/ac1200t8/setparentalrules.md	Trust: 1.8
url:	https://vuldb.com/?id.276807	Trust: 1.8
url:	https://vuldb.com/?submit.401262	Trust: 1.8
url:	https://www.totolink.net/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-8573	Trust: 1.4
url:	https://vuldb.com/?ctiid.276807	Trust: 1.0

sources: CNVD: CNVD-2025-09867 // JVNDB: JVNDB-2024-007740 // NVD: CVE-2024-8573

SOURCES

db:	CNVD	id:	CNVD-2025-09867
db:	JVNDB	id:	JVNDB-2024-007740
db:	NVD	id:	CVE-2024-8573

LAST UPDATE DATE

2025-05-17T03:46:16.015000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-09867	date:	2025-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2024-007740	date:	2024-09-11T01:17:00
db:	NVD	id:	CVE-2024-8573	date:	2025-03-03T18:15:30.130

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-09867	date:	2025-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2024-007740	date:	2024-09-11T00:00:00
db:	NVD	id:	CVE-2024-8573	date:	2024-09-08T10:15:01.907