CVE-2024-8162

9.8 CRITICAL

📋 TL;DR

This critical vulnerability in the TOTOLINK T10 AC1200 router (firmware 4.1.8cu.5207) is a set of hard-coded credentials in the Telnet service's configuration file. The credentials are fixed in the firmware and cannot be changed by the user, so anyone who can reach the Telnet service and knows them can log in with full control of the device. Every device running the affected firmware is exposed; nothing in the user-configurable settings removes the account.

💻 Affected Systems

Products:
  • TOTOLINK T10 AC1200
Versions: 4.1.8cu.5207
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: The hard-coded credentials ship in the default firmware image. Whether the Telnet service listens by default, and on which interfaces (LAN only or also WAN), should be confirmed per device by scanning TCP/23 from both sides rather than assumed.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of router with ability to intercept/modify all network traffic, install persistent malware, pivot to internal network, and disable security controls.

🟠

Likely Case

Unauthorized administrative access to router leading to network surveillance, DNS hijacking, credential theft, and service disruption.

🟢

If Mitigated

Limited impact if the Telnet service is unreachable (disabled, or TCP/23 filtered upstream) and the device is not internet-facing. Residual risk remains from any host that can still reach TCP/23 on the LAN, including other compromised devices.

🌐 Internet-Facing: HIGH - If TCP/23 is reachable from the WAN, anyone on the internet can log in with the published credentials; no legitimate account or prior foothold is needed.
🏢 Internal Only: HIGH - Any host on the LAN, including a compromised IoT device or a guest-network client that can route to the router, can do the same.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes (the attacker authenticates, but with the hard-coded account, so no legitimate credential is required)
Complexity: LOW

Exploit code is publicly available on GitHub. The attack needs only the hard-coded credentials (included in the public disclosure) and a TCP connection to the Telnet service; a standard telnet client is sufficient, and no memory corruption or special tooling is involved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.totolink.net/

Restart Required: No

Instructions:

No official patch is available at the time of writing, and the vendor has not responded to the disclosure. Replacing affected devices is the only complete fix; where that is not possible, apply the workarounds below and treat the router as untrusted infrastructure.

🔧 Temporary Workarounds

Disable Telnet Service

linux

Turn Telnet off in the router's web administration interface if the firmware offers the option, then confirm from another host that TCP/23 no longer answers on the LAN and WAN addresses. The commands below assume you already have a root shell on the device; the T10 runs a BusyBox-based embedded Linux without systemd, so generic `service` and `systemctl` invocations do not apply. Stopping the daemon this way lasts only until the next reboot and is a stopgap, not a fix (whether these BusyBox applets are present in this firmware build is an assumption):

killall telnetd
netstat -tln | grep ':23 '

Block Telnet Port

linux

Block TCP/23 to the router on an upstream firewall or edge device, so that neither the internet nor untrusted LAN segments can reach the Telnet service. On a Linux firewall in front of the router (replace 192.0.2.1 with the router's address; the first rule covers traffic forwarded to the router, the second covers the firewall host itself):

iptables -I FORWARD -p tcp -d 192.0.2.1 --dport 23 -j DROP
iptables -I INPUT -p tcp --dport 23 -j DROP

On a firewalld host, remove the telnet service and port from the public zone and reload; note that --add-port would open the port rather than close it:

firewall-cmd --permanent --zone=public --remove-service=telnet
firewall-cmd --permanent --zone=public --remove-port=23/tcp
firewall-cmd --reload

🧯 If You Can't Patch

  • Isolate affected routers in a separate management VLAN; permit TCP/23 only from a dedicated management host, and deny all other traffic to the router's management ports
  • Monitor for Telnet connection attempts and logins to the router, alert on any source outside the management host, and block offending IPs at the perimeter

🔍 How to Verify

Check if Vulnerable:

From a host that can reach the router, confirm that TCP/23 is open (for example `nmap -p 23 <router-ip>`), then attempt a Telnet login with the credentials published in the disclosure. A successful login, typically dropping you at a shell prompt, means the device is exploitable. Only test devices you are authorised to access.

Check Version:

Read the firmware version from the router's web administration interface (status or firmware-upgrade page) and compare it with 4.1.8cu.5207. Running `cat /proc/version` on the device reports only the kernel build string and does not identify the T10 firmware release.

Verify Fix Applied:

Confirm from both the LAN and WAN sides that TCP/23 is closed or filtered (`nmap -p 23 <router-ip>` should report closed or filtered) and that a Telnet login with the hard-coded credentials is refused or times out. Since there is no vendor patch, repeat the check after every reboot and firmware change; a workaround applied from a shell does not persist.
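The check described above, as an added example that is not part of the original advisory and not TOTOLINK code: it strips Telnet option negotiation from the raw stream, answers the login and password prompts, and classifies what comes back. The prompt strings ("login:", "Password:", a trailing "#", "$" or ">") and the fact that the server tolerates unanswered option negotiation are assumptions about a BusyBox telnetd and may need adjusting. The credentials are passed in by the operator (take them from the public disclosure); nothing here embeds or guesses them.

```python
"""Telnet exposure check for CVE-2024-8162 triage (added example, not part
of the original advisory and not TOTOLINK code).

strip_iac() removes Telnet option negotiation (IAC sequences) from the raw
stream; classify_login_response() decides whether the text after a password
looks like a shell prompt or a rejection; check_telnet_login() ties them
together over a real socket. Prompt strings are assumptions about a BusyBox
telnetd. Only probe devices you are authorised to test.
"""
import re
import socket
import sys

IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240


def strip_iac(data: bytes) -> bytes:
    """Drop IAC command/option sequences so prompt matching sees only text."""
    out = bytearray()
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if b != IAC:
            out.append(b)
            i += 1
        elif i + 1 >= n:
            break                                   # truncated command, drop it
        elif data[i + 1] == IAC:
            out.append(IAC)                         # escaped literal 0xFF
            i += 2
        elif data[i + 1] in (DO, DONT, WILL, WONT):
            i += 3                                  # IAC <cmd> <option>
        elif data[i + 1] == SB:
            end = data.find(bytes([IAC, SE]), i + 2)  # skip subnegotiation
            i = n if end < 0 else end + 2
        else:
            i += 2                                  # two-byte command (NOP, GA, ...)
    return bytes(out)


def classify_login_response(text: str) -> str:
    """Return 'failed', 'success' or 'unknown' for the text seen after the password."""
    if re.search(r"login incorrect|authentication fail|access denied", text, re.I):
        return "failed"
    if re.search(r"login:\s*$", text, re.I):
        return "failed"                             # asked for a username again
    lines = text.rstrip().splitlines()
    if lines and lines[-1][-1] in "#$>":
        return "success"                            # BusyBox-style shell prompt
    return "unknown"


def _read_until(sock, markers, timeout):
    """Read until one of markers (lowercase) appears in the cleaned text, or timeout."""
    sock.settimeout(timeout)
    buf = b""
    while True:
        try:
            chunk = sock.recv(1024)
        except socket.timeout:
            break
        if not chunk:
            break
        buf += chunk
        if any(m in strip_iac(buf).decode("latin-1").lower() for m in markers):
            break
    return strip_iac(buf).decode("latin-1")


def check_telnet_login(host, user, password, port=23, timeout=5.0):
    """Probe TCP/port, answer the login/password prompts, report the outcome.

    Returns {'reachable': bool, 'prompt_seen': bool, 'result': str}. Option
    negotiation from the server is ignored rather than answered, which
    BusyBox telnetd tolerates in practice (assumption).
    """
    state = {"reachable": False, "prompt_seen": False, "result": "n/a"}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            state["reachable"] = True
            banner = _read_until(s, ("login:", "username:"), timeout)
            if not re.search(r"login:|username:", banner, re.I):
                return state                        # open port, but not a login prompt
            state["prompt_seen"] = True
            s.sendall(user.encode() + b"\r\n")
            _read_until(s, ("password:",), timeout)
            s.sendall(password.encode() + b"\r\n")
            after = _read_until(s, ("incorrect", "login:", "# ", "$ "), timeout)
            state["result"] = classify_login_response(after)
    except OSError:
        pass                                        # refused, unreachable or timed out
    return state


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: telnet_check.py <router-ip> <user> <password>")
    print(check_telnet_login(sys.argv[1], sys.argv[2], sys.argv[3]))
```

Run it as `python3 telnet_check.py <router-ip> <user> <password>`. `reachable: False` after a workaround means TCP/23 is now filtered or closed; `result: "success"` means the device is still exploitable from the host you ran it on, so repeat from both the LAN and WAN sides.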

📡 Detection & Monitoring

Log Indicators:

  • Successful Telnet authentication from any source other than the designated management host
  • A successful login with no preceding failures from a source never seen before; this is the typical signature of hard-coded credential use, since the attacker does not need to guess
  • Multiple failed Telnet attempts followed by a success from the same source
  • Configuration changes (DNS, port forwarding, admin password) made during or shortly after a Telnet session

Network Indicators:

  • TCP/23 connections to the router from anything other than the management host, and any TCP/23 traffic arriving on the WAN interface
  • Unusual outbound traffic from the router after Telnet access, such as connections to unfamiliar IPs or DNS answers that no longer match the configured upstream resolvers

SIEM Query:

source="router_logs" AND (event="telnet_login" OR port=23) AND result="success"
