Details of VAR-202409-0190

ID

VAR-202409-0190

CVE

CVE-2024-8578

TITLE

TOTOLINK of T8 Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-007674

DESCRIPTION

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as critical. Affected by this issue is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument device_name leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of T8 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK AC1200 T8 is a dual-band full Gigabit router. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2024-8578 // JVNDB: JVNDB-2024-007674 // CNVD: CNVD-2025-14531

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-14531

AFFECTED PRODUCTS

vendor:	totolink	model:	t8	scope:	eq	version:	4.1.5cu.861_b20230220	Trust: 1.0
vendor:	totolink	model:	t8	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	t8	scope:	eq	version:	t8 firmware 4.1.5cu.861 b20230220	Trust: 0.8
vendor:	totolink	model:	t8	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	ac1200 t8 4.1.5cu.861 b20230220	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-14531 // JVNDB: JVNDB-2024-007674 // NVD: CVE-2024-8578

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-8578
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-8578
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-007674
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-14531
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2024-8578
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2024-007674
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-14531
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-8578
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	JVNDB-2024-007674
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-14531 // JVNDB: JVNDB-2024-007674 // NVD: CVE-2024-8578 // NVD: CVE-2024-8578

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-007674 // NVD: CVE-2024-8578

EXTERNAL IDS

db:	NVD	id:	CVE-2024-8578	Trust: 3.2
db:	VULDB	id:	276812	Trust: 1.8
db:	JVNDB	id:	JVNDB-2024-007674	Trust: 0.8
db:	CNVD	id:	CNVD-2025-14531	Trust: 0.6

sources: CNVD: CNVD-2025-14531 // JVNDB: JVNDB-2024-007674 // NVD: CVE-2024-8578

REFERENCES

url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/ac1200t8/setwifimeshname.md	Trust: 1.8
url:	https://vuldb.com/?id.276812	Trust: 1.8
url:	https://vuldb.com/?submit.401290	Trust: 1.8
url:	https://www.totolink.net/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-8578	Trust: 1.4
url:	https://vuldb.com/?ctiid.276812	Trust: 1.0

sources: CNVD: CNVD-2025-14531 // JVNDB: JVNDB-2024-007674 // NVD: CVE-2024-8578

SOURCES

db:	CNVD	id:	CNVD-2025-14531
db:	JVNDB	id:	JVNDB-2024-007674
db:	NVD	id:	CVE-2024-8578

LAST UPDATE DATE

2025-07-02T23:39:28.082000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-14531	date:	2025-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2024-007674	date:	2024-09-10T03:01:00
db:	NVD	id:	CVE-2024-8578	date:	2024-09-09T18:46:00.300

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-14531	date:	2025-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2024-007674	date:	2024-09-10T00:00:00
db:	NVD	id:	CVE-2024-8578	date:	2024-09-08T19:15:10.453