Description
A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. It affects the function getSysStatusCfg in the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Manipulation of the argument ssid/key leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 addresses this issue. It is recommended to upgrade the affected component. The identifier VDB-250785 was assigned to this vulnerability.
References (6)
Core References
Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.250785
Permissions Required, Third Party Advisory, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.250785
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.263653
Third Party Advisory related
https://www.chtsecurity.com/news/8f270890-12cc-4623-99a3-a81e00758c29
Exploit, Third Party Advisory exploit
https://drive.google.com/file/d/1WSWrGEKUkvPk8hq1VRng-wbR7T6CknGY/view?usp=sharing
Third Party Advisory related
https://www.chtsecurity.com/news/8aa31e69-1e7c-4186-8554-7d5d6baeaa84
Scores
CVSS v3
4.3
EPSS
0.0037
EPSS Percentile
58.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
CWE-200
Status
published
Products (1)
totolink/t8_firmware
4.1.5cu.833_20220905
Published
Jan 16, 2024
Tracked Since
Feb 18, 2026