CVE-2024-8077 in AC1200 T8
Summary
by MITRE • 08/22/2024
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
by VulDB Data Team • 12/13/2024
The vulnerability identified as CVE-2024-8077 is a critical OS command injection flaw in the TOTOLINK AC1200 T8 router firmware version 4.1.5cu.862_B20230228. The issue resides in the setTracerouteCfg function, which is part of the router's web management interface. It allows remote attackers to execute arbitrary operating system commands on the affected device, fundamentally compromising the device's security posture and potentially enabling full system compromise. No vendor patch addressing this flaw is known for the affected firmware version.
Technically, the vulnerability falls under CWE-77, the weakness class for command injection in software. This classification indicates that the router's web interface fails to properly sanitize or validate the input parameters passed to the setTracerouteCfg function, so crafted input can carry operating system commands that are then executed. Because the flaw is remotely exploitable, an attacker needs neither physical access nor local network credentials to initiate the attack, which makes it particularly dangerous where routers are exposed to untrusted networks. The injected commands run at the operating system level, potentially allowing an attacker to execute privileged commands, modify system configurations, or gain shell access to the device.
The operational impact extends beyond unauthorized command execution, since a compromised router gives attackers persistent access to the network infrastructure. The device can then serve as a pivot point for further attacks within the local network, enabling man-in-the-middle attacks, DNS poisoning, or the redirection of network traffic. The critical rating reflects that exploitation could completely compromise the router's functionality, leading to denial of service conditions or a complete takeover of network routing. Network administrators face significant risk because an attacker could modify routing tables, disable security features, or create backdoors for future access.
Mitigation for CVE-2024-8077 should be treated as urgent given the critical nature of the vulnerability. Organizations should immediately disable remote administrative access to affected routers and implement network segmentation to limit the impact of a compromise. The most effective long-term fix is a firmware update that addresses this command injection flaw, although the vendor's lack of response to early disclosure suggests that such a patch may not yet be available. Network monitoring should be enhanced to detect unusual traceroute or other network diagnostic activity that might indicate exploitation attempts. Security teams should also consider firewall rules that restrict access to router management interfaces, and intrusion detection systems that can identify request patterns consistent with command injection. The vulnerability's characteristics align with ATT&CK techniques T1059.001 (Command and Scripting Interpreter) and T1071.004 (Application Layer Protocol). Organizations should also consider network access control measures and thorough network audits to identify any compromise of affected devices.
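The root cause described above is a diagnostic handler that hands an unvalidated form value to a shell. The following is an added defender-side example, not TOTOLINK firmware code or the vulnerable setTracerouteCfg routine itself: it shows how a traceroute handler can accept a target safely by allow-listing the value and launching traceroute with an argv vector instead of a shell command string. The function names (`is_valid_traceroute_target`, `run_traceroute`) and the hop limit are hypothetical.

```c
/* Added example, not TOTOLINK firmware code: a hardened way to take a
 * traceroute target from a web form and run it without a shell.
 * Function names here are hypothetical, not from the affected firmware. */
#include <ctype.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_TARGET_LEN 253 /* longest legal DNS name */

/* Allow-list check: only letters, digits, '.', and '-' (hostnames and
 * dotted IPv4). Everything a shell could interpret (; | & $ ` ( ) space
 * and so on) is rejected, so the value can never become a second command. */
int is_valid_traceroute_target(const char *s)
{
    size_t n;
    if (s == NULL) return 0;
    n = strlen(s);
    if (n == 0 || n > MAX_TARGET_LEN) return 0;
    if (s[0] == '-') return 0; /* would be parsed as a traceroute option */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '.' || c == '-')) return 0;
    }
    return 1;
}

/* Run traceroute with an argv vector via execvp(): no /bin/sh is involved,
 * so the target is always a single argument and never parsed as a command.
 * Returns the child's exit status, or -1 if the target was rejected or
 * the process could not be started. */
int run_traceroute(const char *target)
{
    if (!is_valid_traceroute_target(target)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* -m 15 limits the hop count; the target is a plain argv entry. */
        char *const argv[] = { "traceroute", "-m", "15", (char *)target, NULL };
        execvp("traceroute", argv);
        _exit(127); /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Contrast this with the unsafe pattern behind CWE-77, where the value is concatenated into a string passed to system() or popen(): there the shell, not the program, decides where the target ends and the next command begins.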