PT-2024-15662 · Totolink · Totolink T8

Chun-Li Lin +1 · Published 2024-01-16 · Updated 2024-06-18 · CVE-2024-0569

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Totolink T8 version 4.1.5cu.833 20220905

Description: A problematic vulnerability has been found in the Totolink T8, affecting the getSysStatusCfg function of the /cgi-bin/cstecgi.cgi file in the Setting Handler component. The manipulation of the ssid/key argument leads to information disclosure. This issue can be exploited remotely.

Recommendations: For Totolink T8 version 4.1.5cu.833 20220905, upgrade to version 4.1.5cu.862 B20230228 to address this issue. As a temporary workaround, consider restricting access to the /cgi-bin/cstecgi.cgi file or disabling the getSysStatusCfg function until the update is applied. Avoid using the ssid/key argument in the affected component until the issue is resolved.

Exploit

Fix

Missing Authorization

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2024-0569

Affected Products

Totolink T8