Severity
5.3 MEDIUM
EPSS
0.4%
top 41.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jan 16

Description

A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 is able to address this issue. It is recommended to upgrade the affec

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: totolink/t8 4.1.5cu.833_20220905
NVD: totolink/t8_firmware 4.1.5cu.833_20220905

Vulnerability Details (2)

CVEList: Totolink T8 Setting cstecgi.cgi getSysStatusCfg information disclosure (2024-01-16)
GHSA: GHSA-h6w6-xx8j-7qv2: A vulnerability classified as problematic has been found in Totolink T8 4 (2024-01-16)
CVE-2024-0569 (MEDIUM CVSS 5.3) | A vulnerability classified as probl | cvebase.io