CVE-2024-8575 – This critical buffer overflow vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2024-8575?

CVE-2024-8575 has a CVSS score of 8.8 (HIGH). This critical buffer overflow vulnerability in TOTOLINK AC1200 T8 routers allows remote attackers to execute arbitrary code by sending specially crafted requests to the setWiFiScheduleCfg function. Attackers can potentially take full control of affected devices without authentication. All users running the vulnerable firmware version are affected.

📋 TL;DR

This critical buffer overflow vulnerability in TOTOLINK AC1200 T8 routers allows remote attackers to execute arbitrary code by sending specially crafted requests to the setWiFiScheduleCfg function. Attackers can potentially take full control of affected devices without authentication. All users running the vulnerable firmware version are affected.

💻 Affected Systems

Products:

TOTOLINK AC1200 T8

Versions: 4.1.5cu.861_B20230220

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerable function is part of the web management interface accessible via HTTP/HTTPS. No special configuration is required for exploitation.

📦 What is this software?

T8 Firmware by Totolink

View all CVEs affecting T8 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, creation of persistent backdoors, lateral movement to internal networks, and botnet recruitment.

🟠

Likely Case

Remote code execution allowing attackers to modify device settings, intercept network traffic, or use the device as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering, though internal exploitation risk remains.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and public exploit details are available.

🏢 Internal Only: HIGH - Even internally, the vulnerability requires no authentication and can be exploited by any network-adjacent attacker.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available on GitHub, making weaponization straightforward. The vulnerability requires no authentication and has a simple exploitation path.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. The vendor has not responded to disclosure. Monitor the vendor website for firmware updates at https://www.totolink.net/.

🔧 Temporary Workarounds

Disable remote management

all

Disable web management interface access from WAN/Internet to prevent remote exploitation

Network segmentation

all

Place affected routers in isolated network segments with strict firewall rules

🧯 If You Can't Patch

Replace affected devices with patched alternatives from different vendors
Implement strict network access controls to limit exposure to only trusted internal networks

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface at System Status > Firmware Version. If version is 4.1.5cu.861_B20230220, device is vulnerable.

Check Version:

Check via web interface or SSH if enabled: cat /proc/version or check web admin panel

Verify Fix Applied:

Verify firmware version has been updated to a version newer than 4.1.5cu.861_B20230220. No official patched version is currently available.

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP POST requests to /cgi-bin/cstecgi.cgi with setWiFiScheduleCfg function
Large payloads in requests to the management interface
Multiple failed exploitation attempts

Network Indicators:

Unusual outbound connections from router to unknown IPs
Traffic spikes to/from router management interface
HTTP requests with buffer overflow patterns

SIEM Query:

source="router_logs" AND (uri="/cgi-bin/cstecgi.cgi" AND (method="POST" AND data CONTAINS "setWiFiScheduleCfg"))

📊 Metadata

CVE ID: CVE-2024-8575

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: September 8, 2024

Last Updated: September 9, 2024

🔗 References

https://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/AC1200T8/setWiFiScheduleCfg.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.276809 Permissions Required
https://vuldb.com/?id.276809 Third Party Advisory
https://vuldb.com/?submit.401263 Third Party Advisory
https://www.totolink.net/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-8575, you might also want to check these: