CVE-2024-8075

Summary

CVE-2024-8075 is a critical vulnerability found in the TOTOLINK AC1200 T8 router firmware version 4.1.5cu.862_B20230228, which allows for remote OS command injection through the function setDiagnosisCfg. Affected organizations may face security risks due to the low authentication requirements and potential manipulation of system commands, leading to integrity and confidentiality impacts. To remediate this issue, it is recommended that users update their devices to the latest firmware version provided by the vendor, TOTOLINK; however, attempts to contact the vendor about this vulnerability have gone unanswered. The CVSS score for this vulnerability is 6.3, indicating a medium severity level with low complexity for exploitation. It is crucial for organizations using this product to take immediate action to mitigate potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.