CVE-2024-8574
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Summary
CVE-2024-8574 is a critical vulnerability discovered in the TOTOLINK AC1200 T8 router running firmware version 4.1.5cu.861_B20230220, specifically affecting the setParentalRules function in the /cgi-bin/cstecgi.cgi file. Manipulating the slaveIpList argument leads to OS command injection, and the attack can be launched remotely. Organizations using this router are at risk: the exploit has been publicly disclosed, and no response has been received from the vendor regarding mitigation. To remediate this issue, users should upgrade to a patched version of the firmware as soon as it becomes available. An attacker needs only low attack complexity and minimal privileges to gain unauthorized access to system commands, which could compromise network integrity and confidentiality.