ID

VAR-202409-0212


CVE

CVE-2024-8577


TITLE

Classic buffer overflow vulnerability in TOTOLINK T8 and T10 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-007650

DESCRIPTION

A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK T8 firmware and T10 firmware contain a classic buffer overflow vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). TOTOLINK AC1200 is a dual-band Wi-Fi router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to corrupt memory and cause the browser to crash.

Trust: 2.16

sources: NVD: CVE-2024-8577 // JVNDB: JVNDB-2024-007650 // CNVD: CNVD-2025-12879

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12879

AFFECTED PRODUCTS

vendor: totolink | model: t10 | scope: eq | version: 4.1.8cu.5207

Trust: 1.0

vendor: totolink | model: t8 | scope: eq | version: 4.1.5cu.861_b20230220

Trust: 1.0

vendor: totolink | model: t8 | scope: - | version: -

Trust: 0.8

vendor: totolink | model: t10 | scope: - | version: -

Trust: 0.8

vendor: totolink | model: ac1200 t8 4.1.5cu.861 b20230220 | scope: - | version: -

Trust: 0.6

vendor: totolink | model: ac1200 t10 4.1.8cu.5207 | scope: - | version: -

Trust: 0.6

sources: CNVD: CNVD-2025-12879 // JVNDB: JVNDB-2024-007650 // NVD: CVE-2024-8577

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-8577
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-8577
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-007650
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-12879
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2024-8577
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-007650
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-12879
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-8577
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2024-007650
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-12879 // JVNDB: JVNDB-2024-007650 // NVD: CVE-2024-8577 // NVD: CVE-2024-8577

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-007650 // NVD: CVE-2024-8577

EXTERNAL IDS

db: NVD | id: CVE-2024-8577

Trust: 3.2

db: VULDB | id: 276811

Trust: 1.8

db: JVNDB | id: JVNDB-2024-007650

Trust: 0.8

db: CNVD | id: CNVD-2025-12879

Trust: 0.6

sources: CNVD: CNVD-2025-12879 // JVNDB: JVNDB-2024-007650 // NVD: CVE-2024-8577

REFERENCES

url:https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/ac1200t8/setstaticdhcprules.md

Trust: 1.8

url:https://vuldb.com/?id.276811

Trust: 1.8

url:https://vuldb.com/?submit.401265

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-8577

Trust: 1.4

url:https://vuldb.com/?ctiid.276811

Trust: 1.0

sources: CNVD: CNVD-2025-12879 // JVNDB: JVNDB-2024-007650 // NVD: CVE-2024-8577

SOURCES

db: CNVD | id: CNVD-2025-12879
db: JVNDB | id: JVNDB-2024-007650
db: NVD | id: CVE-2024-8577

LAST UPDATE DATE

2025-06-21T23:25:08.818000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2025-12879 | date: 2025-06-19T00:00:00
db: JVNDB | id: JVNDB-2024-007650 | date: 2024-09-10T01:00:00
db: NVD | id: CVE-2024-8577 | date: 2024-09-09T18:51:32.377

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2025-12879 | date: 2025-06-19T00:00:00
db: JVNDB | id: JVNDB-2024-007650 | date: 2024-09-10T00:00:00
db: NVD | id: CVE-2024-8577 | date: 2024-09-08T19:15:10.203