CVE-2024-8075 – This critical vulnerability in TOTOLINK AC1200 ... (How to Fix)

Q: What is the severity of CVE-2024-8075?

CVE-2024-8075 has a CVSS score of 6.3 (MEDIUM). This critical vulnerability in TOTOLINK AC1200 T8 routers allows remote attackers to execute arbitrary operating system commands via the setDiagnosisCfg function. Attackers can exploit this to gain full control of affected devices without authentication. All users running the vulnerable firmware version are at risk.

📋 TL;DR

This critical vulnerability in TOTOLINK AC1200 T8 routers allows remote attackers to execute arbitrary operating system commands via the setDiagnosisCfg function. Attackers can exploit this to gain full control of affected devices without authentication. All users running the vulnerable firmware version are at risk.

💻 Affected Systems

Products:

TOTOLINK AC1200 T8

Versions: 4.1.5cu.862_B20230228

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running this specific firmware version are vulnerable by default. No special configuration required.

📦 What is this software?

T8 Firmware by Totolink

View all CVEs affecting T8 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to install persistent backdoors, pivot to internal networks, intercept all network traffic, and use the device for botnet activities.

🟠

Likely Case

Remote code execution leading to device takeover, credential theft, DNS hijacking, and participation in DDoS attacks.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication, making internet-exposed devices immediate targets.

🏢 Internal Only: MEDIUM - Internal devices are still vulnerable to attacks from compromised internal hosts or malicious insiders.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept exists on GitHub. The vulnerability requires no authentication and has simple exploitation vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.totolink.net/

Restart Required: Yes

Instructions:

1. Check vendor website for firmware updates. 2. If update available, download from official source. 3. Log into router admin interface. 4. Navigate to firmware upgrade section. 5. Upload new firmware file. 6. Wait for reboot and verify version.

🔧 Temporary Workarounds

Network Isolation

all

Place affected routers behind firewalls with strict inbound filtering to prevent external exploitation

Disable Remote Management

all

Turn off WAN-side administration access if enabled

🧯 If You Can't Patch

Replace affected devices with patched or alternative models
Implement strict network segmentation to isolate vulnerable routers from critical assets

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface. Navigate to System Status or About page.

Check Version:

Check via web interface or SSH if enabled: cat /proc/version or similar vendor-specific commands

Verify Fix Applied:

Verify firmware version is no longer 4.1.5cu.862_B20230228 after update

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in system logs
Multiple failed login attempts to admin interface
Unexpected process creation

Network Indicators:

Unusual outbound connections from router
DNS queries to suspicious domains
Traffic patterns indicating command and control

SIEM Query:

source="router_logs" AND ("setDiagnosisCfg" OR "os command injection" OR suspicious shell commands)

📊 Metadata

CVE ID: CVE-2024-8075

CVSS v3 Score: 6.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-78

Published: August 22, 2024

Last Updated: December 13, 2024

🔗 References

https://github.com/hawkteam404/RnD_Public/blob/main/TOTOLink_AC1200_T8_OsCmdI_BOF.md Third Party Advisory
https://vuldb.com/?ctiid.275557 Permissions Required
https://vuldb.com/?id.275557 Third Party Advisory
https://vuldb.com/?submit.390929 Third Party Advisory
https://www.totolink.net/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-8075, you might also want to check these: