Details of VAR-202409-0258

ID

VAR-202409-0258

CVE

CVE-2024-8576

TITLE

TOTOLINK of T8 firmware and t10 Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-007647

DESCRIPTION

A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of T8 firmware and t10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK AC1200 is a dual-band Wi-Fi router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to corrupt memory and cause the browser to crash

Trust: 2.16

sources: NVD: CVE-2024-8576 // JVNDB: JVNDB-2024-007647 // CNVD: CNVD-2025-12890

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-12890

AFFECTED PRODUCTS

vendor:	totolink	model:	t10	scope:	eq	version:	4.1.8cu.5207	Trust: 1.0
vendor:	totolink	model:	t8	scope:	eq	version:	4.1.5cu.861_b20230220	Trust: 1.0
vendor:	totolink	model:	t8	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	t10	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	ac1200 t8 4.1.5cu.861 b20230220	scope:	-	version:	-	Trust: 0.6
vendor:	totolink	model:	ac1200 t10 4.1.8cu.5207	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-12890 // JVNDB: JVNDB-2024-007647 // NVD: CVE-2024-8576

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-8576
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-8576
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-007647
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-12890
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2024-8576
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2024-007647
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-12890
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-8576
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	JVNDB-2024-007647
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-12890 // JVNDB: JVNDB-2024-007647 // NVD: CVE-2024-8576 // NVD: CVE-2024-8576

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-007647 // NVD: CVE-2024-8576

EXTERNAL IDS

db:	NVD	id:	CVE-2024-8576	Trust: 3.2
db:	VULDB	id:	276810	Trust: 1.8
db:	JVNDB	id:	JVNDB-2024-007647	Trust: 0.8
db:	CNVD	id:	CNVD-2025-12890	Trust: 0.6

sources: CNVD: CNVD-2025-12890 // JVNDB: JVNDB-2024-007647 // NVD: CVE-2024-8576

REFERENCES

url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/totolink/ac1200t8/setipportfilterrules.md	Trust: 1.8
url:	https://vuldb.com/?id.276810	Trust: 1.8
url:	https://vuldb.com/?submit.401264	Trust: 1.8
url:	https://www.totolink.net/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-8576	Trust: 1.4
url:	https://vuldb.com/?ctiid.276810	Trust: 1.0

sources: CNVD: CNVD-2025-12890 // JVNDB: JVNDB-2024-007647 // NVD: CVE-2024-8576

SOURCES

db:	CNVD	id:	CNVD-2025-12890
db:	JVNDB	id:	JVNDB-2024-007647
db:	NVD	id:	CVE-2024-8576

LAST UPDATE DATE

2025-06-21T23:28:05.469000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-12890	date:	2025-06-19T00:00:00
db:	JVNDB	id:	JVNDB-2024-007647	date:	2024-09-10T00:49:00
db:	NVD	id:	CVE-2024-8576	date:	2024-09-09T18:59:57.423

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-12890	date:	2025-06-19T00:00:00
db:	JVNDB	id:	JVNDB-2024-007647	date:	2024-09-10T00:00:00
db:	NVD	id:	CVE-2024-8576	date:	2024-09-08T18:15:02.313