Totolink

T8 Firmware

26 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-24155

Exploit
  • EPSS 0.1%
  • Published 03.02.2023 16:15:14
  • Last modified 26.03.2025 16:15:19

TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.

9.8

CVE-2023-24154

Exploit
  • EPSS 1.45%
  • Published 03.02.2023 16:15:14
  • Last modified 26.03.2025 16:15:18

TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.

9.8

CVE-2023-24153

Exploit
  • EPSS 1.77%
  • Published 03.02.2023 16:15:14
  • Last modified 26.03.2025 16:15:18

A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8

CVE-2023-24152

Exploit
  • EPSS 1.77%
  • Published 03.02.2023 16:15:14
  • Last modified 26.03.2025 16:15:18

A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8

CVE-2023-24151

Exploit
  • EPSS 1.77%
  • Published 03.02.2023 16:15:14
  • Last modified 26.03.2025 16:15:18

A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8

CVE-2023-24150

Exploit
  • EPSS 1.63%
  • Published 03.02.2023 16:15:13
  • Last modified 26.03.2025 16:15:17

A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.