Cyber Resilience

CVE-2024-46451

CriticalPublic PoC

Published: 16 September 2024

Published
16 September 2024
Modified
17 September 2024
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1619 95.0th percentile
Risk Priority 29 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-46451 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Totolink T8 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 5.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

The vulnerability CVE-2024-46451 is a buffer overflow (CWE-120) in the TOTOLINK AC1200 T8 router firmware version v4.1.5cu.861_B20230220. It resides in the setWiFiAclRules function and is triggered via the desc parameter, resulting in a CVSS 3.1 score of 9.8 that reflects unauthenticated network access with full impacts on confidentiality, integrity, and availability.

An unauthenticated remote attacker can send a crafted request to the affected function over the network to trigger the overflow, enabling arbitrary code execution or denial of service that fully compromises the device. The current and peak EPSS score of 0.1619 indicates moderate and stable exploitation interest since disclosure.

A technical write-up with reproduction details is published at the referenced GitHub repository, but no vendor advisory, firmware patch, or mitigation steps are documented in the available references.

EU & UK References

Vulnerability details

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in web function setWiFiAclRules enables remote code execution on public-facing router web interface.

Affected Assets

totolink
t8 firmware
4.1.5cu.861_b20230220

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.

References