Details of VAR-202409-0213

ID

VAR-202409-0213

CVE

CVE-2024-8575

TITLE

TOTOLINK of T8 Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-007683

DESCRIPTION

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of T8 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK AC1200 is a dual-band Wi-Fi router from China's TOTOLINK Electronics. Attackers can use this vulnerability to execute code, control the target computer or crack its data

Trust: 2.16

sources: NVD: CVE-2024-8575 // JVNDB: JVNDB-2024-007683 // CNVD: CNVD-2025-09871

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-09871

AFFECTED PRODUCTS

vendor:	totolink	model:	t8	scope:	eq	version:	4.1.5cu.861_b20230220	Trust: 1.0
vendor:	totolink	model:	t8	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	t8	scope:	eq	version:	t8 firmware 4.1.5cu.861 b20230220	Trust: 0.8
vendor:	totolink	model:	t8	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	ac1200 t8 4.1.5cu.861 b20230220	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-09871 // JVNDB: JVNDB-2024-007683 // NVD: CVE-2024-8575

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-8575
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-8575
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-007683
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-09871
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2024-8575
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2024-007683
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-09871
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-8575
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	JVNDB-2024-007683
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-09871 // JVNDB: JVNDB-2024-007683 // NVD: CVE-2024-8575 // NVD: CVE-2024-8575

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-007683 // NVD: CVE-2024-8575

PATCH

title:

Patch for TOTOLINK AC1200 Buffer Overflow Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/687761

Trust: 0.6

sources: CNVD: CNVD-2025-09871

EXTERNAL IDS

db:	NVD	id:	CVE-2024-8575	Trust: 3.2
db:	VULDB	id:	276809	Trust: 1.8
db:	JVNDB	id:	JVNDB-2024-007683	Trust: 0.8
db:	CNVD	id:	CNVD-2025-09871	Trust: 0.6

sources: CNVD: CNVD-2025-09871 // JVNDB: JVNDB-2024-007683 // NVD: CVE-2024-8575

REFERENCES

url:	https://github.com/noahze01/iot-vulnerable/blob/main/totolink/ac1200t8/setwifischedulecfg.md	Trust: 1.8
url:	https://vuldb.com/?id.276809	Trust: 1.8
url:	https://vuldb.com/?submit.401263	Trust: 1.8
url:	https://www.totolink.net/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-8575	Trust: 1.4
url:	https://vuldb.com/?ctiid.276809	Trust: 1.0

sources: CNVD: CNVD-2025-09871 // JVNDB: JVNDB-2024-007683 // NVD: CVE-2024-8575

SOURCES

db:	CNVD	id:	CNVD-2025-09871
db:	JVNDB	id:	JVNDB-2024-007683
db:	NVD	id:	CVE-2024-8575

LAST UPDATE DATE

2025-05-17T04:00:40.825000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-09871	date:	2025-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2024-007683	date:	2024-09-10T03:25:00
db:	NVD	id:	CVE-2024-8575	date:	2024-09-09T18:47:45.917

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-09871	date:	2025-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2024-007683	date:	2024-09-10T00:00:00
db:	NVD	id:	CVE-2024-8575	date:	2024-09-08T17:15:11.390