Details of VAR-202409-0189

ID

VAR-202409-0189

CVE

CVE-2024-8580

TITLE

TOTOLINK of T8 Hardcoded password usage vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-007761

DESCRIPTION

A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of T8 A vulnerability exists in the firmware related to the use of hardcoded passwords.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK AC1200 is a dual-band Wi-Fi router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to bypass authentication

Trust: 2.16

sources: NVD: CVE-2024-8580 // JVNDB: JVNDB-2024-007761 // CNVD: CNVD-2025-03613

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-03613

AFFECTED PRODUCTS

vendor:	totolink	model:	t8	scope:	eq	version:	4.1.5cu.861_b20230220	Trust: 1.0
vendor:	totolink	model:	t8	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	t8	scope:	eq	version:	t8 firmware 4.1.5cu.861 b20230220	Trust: 0.8
vendor:	totolink	model:	t8	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	ac1200 t8 4.1.5cu.861 b20230220	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-03613 // JVNDB: JVNDB-2024-007761 // NVD: CVE-2024-8580

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-8580
value:	CRITICAL
Trust: 1.0
nvd@nist.gov:	CVE-2024-8580
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-007761
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-03613
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2024-8580
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2024-007761
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-03613
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-8580
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	JVNDB-2024-007761
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-03613 // JVNDB: JVNDB-2024-007761 // NVD: CVE-2024-8580 // NVD: CVE-2024-8580

PROBLEMTYPE DATA

problemtype:	CWE-259	Trust: 1.0
problemtype:	Using hardcoded passwords (CWE-259) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-007761 // NVD: CVE-2024-8580

EXTERNAL IDS

db:	NVD	id:	CVE-2024-8580	Trust: 3.2
db:	VULDB	id:	276814	Trust: 1.0
db:	JVNDB	id:	JVNDB-2024-007761	Trust: 0.8
db:	CNVD	id:	CNVD-2025-03613	Trust: 0.6

sources: CNVD: CNVD-2025-03613 // JVNDB: JVNDB-2024-007761 // NVD: CVE-2024-8580

REFERENCES

url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/ac1200t8/shadow.md	Trust: 1.8
url:	https://vuldb.com/?submit.401293	Trust: 1.8
url:	https://www.totolink.net/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-8580	Trust: 1.4
url:	https://vuldb.com/?ctiid.276814	Trust: 1.0
url:	https://vuldb.com/?id.276814	Trust: 1.0

sources: CNVD: CNVD-2025-03613 // JVNDB: JVNDB-2024-007761 // NVD: CVE-2024-8580

SOURCES

db:	CNVD	id:	CNVD-2025-03613
db:	JVNDB	id:	JVNDB-2024-007761
db:	NVD	id:	CVE-2024-8580

LAST UPDATE DATE

2025-02-27T02:56:23.100000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-03613	date:	2025-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2024-007761	date:	2024-09-11T03:21:00
db:	NVD	id:	CVE-2024-8580	date:	2024-09-10T15:47:47.397

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-03613	date:	2025-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2024-007761	date:	2024-09-11T00:00:00
db:	NVD	id:	CVE-2024-8580	date:	2024-09-08T21:15:11.107