CHT Security Discovered Totolink Router Contains CVE Vulnerability
CHT Security discovered a Broken Access Control vulnerability in a Totolink router (CVE-2024-0569), which affects both domestic and foreign enterprises.
Risk Level: Critical
Affected Version: Totolink T8 (version: 4.1.5cu.833_20220905)
Detailed description
CVE-2024-0569: A broken access control vulnerability has been identified in Totolink T8 (version: 4.1.5cu.833_20220905). It allows an attacker to access certain sensitive information via a specific payload without any authentication. This vulnerability falls under the A1 - Broken Access Control category of the OWASP Top 10 2021.
The developer released an update promptly after being notified. Agencies or enterprises using the affected product are advised to contact the vendor for patching and updating as soon as possible.
CHT Security also recommends the following measures:
- Enterprise: Contact the vendor to install the patch as soon as possible.
- System vendor: Implement input validation in the applications. It is recommended to adopt Secure Software Development Life Cycle (SSDLC), provide secure coding training, and regularly conduct security tests, such as Source Code Security Analysis and Penetration Testing, to effectively ensure product security for the clients.