CVE-2024-8580

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published: Sep 8, 2024
Updated: Sep 10, 2024
CWE ID: 259

Summary

CVE-2024-8580 is a critical vulnerability in the TOTOLINK AC1200 T8, firmware version 4.1.5cu.861_B20230220: the file /etc/shadow.sample contains a hard-coded password. The vulnerability can be exploited remotely, although the attack complexity is considered high. It scores 8.1 on the CVSS scale (high severity), with significant impact on integrity and confidentiality; successful exploitation may allow unauthorized access to sensitive information. To remediate this issue, users should update their devices to the latest firmware version provided by TOTOLINK, if available, and monitor for further guidance from the vendor. The vendor was contacted about this disclosure but has not yet responded.
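For teams reviewing firmware before deployment, the following added example (not code from this advisory or from the vendor) shows one way to check an unpacked image for this class of weakness (CWE-259): it lists accounts in shadow-format files that ship with a usable password hash. It assumes the root filesystem has already been extracted to a directory; the function names, the sample tree and the hash in `demo()` are constructed for illustration.

```python
import os
import tempfile

# Hash-scheme prefixes used by crypt(3); traditional DES hashes carry no prefix.
SCHEMES = {"$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
           "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt", "$y$": "yescrypt"}

def classify(field):
    """Return None if the password field cannot be used to log in."""
    if field == "":
        return "EMPTY (no password required)"
    if field[0] in "!*":  # locked or disabled account
        return None
    for prefix, name in SCHEMES.items():
        if field.startswith(prefix):
            return name
    return "des-or-unknown"

def audit_rootfs(root):
    """Walk an extracted firmware tree and report credentials baked into shadow-format files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            if not fname.startswith("shadow"):  # shadow, shadow.sample, shadow-
                continue
            path = os.path.join(dirpath, fname)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for line in fh:
                    parts = line.rstrip("\n").split(":")
                    if len(parts) < 2 or line.startswith("#"):
                        continue
                    kind = classify(parts[1])
                    if kind:
                        findings.append((os.path.relpath(path, root), parts[0], kind))
    return findings

def demo():
    # Constructed sample tree; the hash is a made-up placeholder, not taken from any device.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "shadow.sample"), "w") as fh:
            fh.write("root:$1$CONSTRUCT$0123456789abcdefghijkl:18000:0:99999:7:::\n"
                     "daemon:*:18000:0:99999:7:::\nnobody:!:18000:0:99999:7:::\n")
        return audit_rootfs(root)

if __name__ == "__main__":
    for path, user, kind in demo():
        print(f"{path}: account '{user}' ships with a usable {kind} password hash")
```

Any finding on a file that is identical across every unit of a firmware release indicates a shared credential that cannot be rotated per device without a firmware change.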
