CVE-2024-0944Insufficient Session Expiration in T8

CWE-613Insufficient Session Expiration3 documents3 sources
Severity
5.3MEDIUMNVD
CNA3.7
EPSS
1.6%
top 18.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink T8Totolink T8 Firmware
Timeline
PublishedJan 26

Description

A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252188. NOTE: The vendor was contacted e

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5totolink/t84.1.5cu.833_20220905
NVDtotolink/t8_firmware4.1.5cu.833_20220905

🔴Vulnerability Details

2
CVEList
Totolink T8 cstecgi.cgi session expiration2024-01-26
GHSA
GHSA-38xm-rj5r-36vx: A vulnerability was found in Totolink T8 42024-01-26
CVE-2024-0944 — Insufficient Session Expiration in T8 | cvebase