CVE-2024-46419 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2024-46419?

CVE-2024-46419 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary code on TOTOLINK AC1200 T8 routers by exploiting a buffer overflow in the setWizardCfg function via the ssid5g parameter. Attackers can achieve full system compromise without authentication. All users running the vulnerable firmware version are affected.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on TOTOLINK AC1200 T8 routers by exploiting a buffer overflow in the setWizardCfg function via the ssid5g parameter. Attackers can achieve full system compromise without authentication. All users running the vulnerable firmware version are affected.

💻 Affected Systems

Products:

TOTOLINK AC1200 T8

Versions: v4.1.5cu.861_B20230220

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the web management interface's setWizardCfg function. No special configuration is required for exploitation.

📦 What is this software?

T8 Firmware by Totolink

View all CVEs affecting T8 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router takeover leading to persistent backdoor installation, network traffic interception, credential theft, and lateral movement to connected devices.

🟠

Likely Case

Router compromise enabling attackers to modify DNS settings, redirect traffic to malicious sites, or use the router as part of a botnet.

🟢

If Mitigated

Limited impact if network segmentation isolates the router and external access is disabled.

🌐 Internet-Facing: HIGH - The vulnerable function is accessible via web interface, making internet-exposed routers immediately vulnerable to remote exploitation.

🏢 Internal Only: HIGH - Even internally, any attacker on the network can exploit this without authentication to compromise the router.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The GitHub reference contains technical details and proof-of-concept information. Buffer overflow vulnerabilities in network devices are commonly weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check TOTOLINK website for firmware updates. 2. If update available, download from official source. 3. Log into router admin interface. 4. Navigate to firmware upgrade section. 5. Upload new firmware file. 6. Wait for reboot and verify new version.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router web interface

Network Segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

Replace affected router with different model that receives security updates
Implement strict firewall rules to block all external access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface. If version is v4.1.5cu.861_B20230220, the device is vulnerable.

Check Version:

Log into router web interface and check System Status or Firmware Version page

Verify Fix Applied:

Verify firmware version has changed from vulnerable version. Test if setWizardCfg function still accepts malformed ssid5g input.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to setWizardCfg endpoint
Large payloads in ssid5g parameter
Router crash/reboot logs

Network Indicators:

HTTP requests with oversized ssid5g parameters to router management interface
Unusual outbound connections from router

SIEM Query:

http.method:POST AND http.uri:*setWizardCfg* AND http.param:ssid5g AND bytes > 1000

📊 Metadata

CVE ID: CVE-2024-46419

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: September 16, 2024

Last Updated: September 17, 2024

🔗 References

https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setWizardCfg.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-46419, you might also want to check these: