Vulnerabilities > Totolink

DATE CVE VULNERABILITY TITLE RISK
2023-02-03 CVE-2023-24151 Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu
A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-02-03 CVE-2023-24152 Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-02-03 CVE-2023-24153 Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu
A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-02-03 CVE-2023-24154 Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu
TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-02-03 CVE-2023-24155 Use of Hard-coded Credentials vulnerability in Totolink T8 Firmware V4.1.5Cu
TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.
network
low complexity
totolink CWE-798
critical
 9.8
9.8
2023-02-03 CVE-2023-24156 Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu
A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-02-03 CVE-2023-24157 Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu
A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-02-02 CVE-2022-48113 Use of Hard-coded Credentials vulnerability in Totolink N200Re-V5 Firmware 9.3.5U.6139
A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request.
network
low complexity
totolink CWE-798
critical
 9.8
9.8
2023-01-27 CVE-2022-48066 Improper Authentication vulnerability in Totolink A830R Firmware 4.1.2Cu.5182
An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie.
network
low complexity
totolink CWE-287
critical
 9.8
9.8
2023-01-27 CVE-2022-48067 Use of Hard-coded Credentials vulnerability in Totolink A830R Firmware 4.1.2Cu.5182
An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack.
local
low complexity
totolink CWE-798
5.5
5.5