A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. It affects the function getSysStatusCfg in the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Manipulation of the argument ssid/key leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 addresses this issue, and upgrading the affected component is recommended. The identifier VDB-250785 was assigned to this vulnerability.
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Link | Tags |
---|---|
https://vuldb.com/?id.250785 | third party advisory, vdb entry, technical description |
https://vuldb.com/?ctiid.250785 | signature, third party advisory, vdb entry, permissions required |
https://vuldb.com/?submit.263653 | third party advisory, vdb entry |
https://www.chtsecurity.com/news/8f270890-12cc-4623-99a3-a81e00758c29 | third party advisory, related |
https://drive.google.com/file/d/1WSWrGEKUkvPk8hq1VRng-wbR7T6CknGY/view?usp=sharing | third party advisory, exploit |
https://www.chtsecurity.com/news/8aa31e69-1e7c-4186-8554-7d5d6baeaa84 | third party advisory, related |