Vulnerabilities > CVE-2024-0569 - Missing Authorization vulnerability in Totolink T8 Firmware 4.1.5Cu.83320220905

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

totolink

CWE-862

critical

NVD

Published: 2024-01-16

Updated: 2024-05-17

Summary

A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-250785 was assigned to this vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Totolink Totolink T8 Firmware 4.1.5Cu.833_20220905	1
Hardware	Totolink Totolink T8 -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References