CVE-2024-8580

Name of the Vulnerable Software and Affected Versions: TOTOLINK AC1200 T8 version 4.1.5cu.861 B20230220

Description: A critical vulnerability was found in the TOTOLINK AC1200 T8, affecting unknown code of the file /etc/shadow.sample. The manipulation leads to the use of a hard-coded password. The attack can be initiated remotely, with a rather high complexity. The exploitation appears to be difficult, and the exploit has been disclosed to the public. The vendor was contacted about this disclosure but did not respond. There are reports of increased actor activities targeting this vulnerability.

Recommendations: For TOTOLINK AC1200 T8 version 4.1.5cu.861 B20230220, as a temporary workaround, consider restricting access to the file /etc/shadow.sample until a patch is available. Avoid using hard-coded passwords in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.