A critical vulnerability, tracked as CVE-2024-8576, has been discovered in the TOTOLINK AC1200 T8 and AC1200 T10 router models, specifically affecting firmware versions 4.1.5cu.861_B20230220 and 4.1.8cu.5207. The flaw is a buffer overflow in the setIpPortFilterRules function of the /cgi-bin/cstecgi.cgi handler. Triggering it can lead to system corruption, unauthorized data access, and a potential takeover of the affected device.
The root cause is insufficient handling of the 'desc' argument passed to that function, and the request can be sent remotely, so no local access is required. Although the vendor was informed of this vulnerability in advance, no response or patch has been provided so far. As a result, the exploit has been disclosed publicly, meaning it could be used by attackers with malicious intent.
[Code Snippet]
For better understanding, here's a simple code snippet that demonstrates how the vulnerability can be exploited:
import requests

# <target_ip> is a placeholder for the router's address; the handler path is taken from the advisory.
target_url = "http://<target_ip>/cgi-bin/cstecgi.cgi/"
payload = {
    "function": "setIpPortFilterRules",
    "desc": "A" * 500,  # Oversized 'desc' value: this is what triggers the buffer overflow
    # ... additional parameters as needed
}
response = requests.post(target_url, data=payload)
print(response.status_code)
This vulnerability was first documented in the following references:
1. CVE-2024-8576 Vulnerability Details
2. NIST National Vulnerability Database (NVD) Entry for CVE-2024-8576
3. Security Tracker Page for CVE-2024-8576
[Exploit Details]
Since the vulnerability is remotely exploitable, an attacker only needs to send a POST request to the target device with a crafted payload, triggering the buffer overflow in the setIpPortFilterRules function through an oversized 'desc' field.
If the attack succeeds, the attacker could compromise the integrity of the affected TOTOLINK router: corrupting its system, accessing sensitive data, and potentially taking full control of the device, which would allow further malicious actions to be carried out from it.
As mentioned earlier, the vendor has been informed about this vulnerability but has not provided any response or patch. The disclosure of this exploit to the public poses a serious risk to TOTOLINK AC120 T8 and AC120 T10 router users, as it could be exploited by potential attackers with malicious intent.
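Because the request pattern is so specific (a POST to /cgi-bin/cstecgi.cgi calling setIpPortFilterRules with an abnormally long 'desc' value), it is easy to flag in web-server or proxy logs while waiting for a vendor patch. The following detector is an added example written for this article, not code from the advisory or from TOTOLINK. It assumes the request body is form-encoded as in the snippet above (a JSON body is also accepted as a labelled assumption), and it uses a hypothetical length threshold of 64 bytes because the advisory does not state the size of the overflowed buffer. The sample requests are constructed for illustration; the 203.0.113.0/24 addresses are documentation ranges.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Handler path and function name come from the advisory.
TARGET_PATH = "/cgi-bin/cstecgi.cgi"
TARGET_FUNCTION = "setIpPortFilterRules"

# Assumption: the advisory does not give the real buffer size. A legitimate
# filter-rule description is short, so anything past this length is suspect.
MAX_DESC_LEN = 64


def _parse_body(body):
    """Return the request parameters as a flat dict of strings.

    Form-encoded bodies match the advisory's snippet; JSON is handled as an
    assumption in case the firmware accepts that encoding as well.
    """
    body = body.strip()
    if body.startswith("{"):
        try:
            data = json.loads(body)
        except ValueError:
            return {}
        return {k: str(v) for k, v in data.items()} if isinstance(data, dict) else {}
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def inspect_request(method, path, body, src_ip=None):
    """Return a finding dict if the request matches the CVE-2024-8576 pattern, else None."""
    if method.upper() != "POST":
        return None
    # The advisory's snippet uses a trailing slash; normalise it away before comparing.
    if urlsplit(path).path.rstrip("/") != TARGET_PATH:
        return None
    params = _parse_body(body)
    if params.get("function") != TARGET_FUNCTION:
        return None
    desc_len = len(params.get("desc", ""))
    if desc_len <= MAX_DESC_LEN:
        return None
    return {
        "src_ip": src_ip,
        "function": TARGET_FUNCTION,
        "desc_len": desc_len,
        "reason": f"'desc' is {desc_len} bytes, above the {MAX_DESC_LEN}-byte threshold",
    }


def scan_requests(records):
    """Run inspect_request over a list of request records and keep only the findings."""
    return [f for f in (inspect_request(**r) for r in records) if f is not None]


# Constructed sample traffic: one benign rule update, one request shaped like the
# advisory's payload, one GET, and one oversized field sent to a different function.
SAMPLE_REQUESTS = [
    {"src_ip": "192.168.0.23", "method": "POST", "path": "/cgi-bin/cstecgi.cgi",
     "body": "function=setIpPortFilterRules&desc=block+telnet&port=23"},
    {"src_ip": "203.0.113.7", "method": "POST", "path": "/cgi-bin/cstecgi.cgi/",
     "body": "function=setIpPortFilterRules&desc=" + "A" * 500},
    {"src_ip": "192.168.0.5", "method": "GET", "path": "/cgi-bin/cstecgi.cgi",
     "body": ""},
    {"src_ip": "203.0.113.9", "method": "POST", "path": "/cgi-bin/cstecgi.cgi",
     "body": json.dumps({"function": "getSysStatusCfg", "desc": "B" * 500})},
]


if __name__ == "__main__":
    for finding in scan_requests(SAMPLE_REQUESTS):
        print(f"ALERT src={finding['src_ip']} {finding['reason']}")
```

Only the second record produces an alert: the first has a short description, the third is not a POST, and the fourth targets a different function. The threshold is deliberately conservative; tune it against the longest 'desc' value your legitimate management traffic actually uses.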
[Recommendations]
TOTOLINK AC120 T8 and AC120 T10 router users are strongly advised to monitor vulnerability disclosures and patch information provided by the vendor, as well as to keep their devices updated with the latest firmware versions provided by TOTOLINK. Users can also monitor the references provided in this article for updates and, whenever possible, restrict remote access to their routers to minimize the risk of a remote attack exploiting this vulnerability.
Timeline
Published on: 09/08/2024 18:15:02 UTC
Last modified on: 09/09/2024 18:59:57 UTC