Vulnerabilities > Totolink > T8 Firmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-26 | CVE-2024-0944 | Insufficient Session Expiration vulnerability in Totolink T8 Firmware 4.1.5Cu.83320220905 A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. | 5.3 |
2024-01-16 | CVE-2024-0569 | Missing Authorization vulnerability in Totolink T8 Firmware 4.1.5Cu.83320220905 A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. | 9.1 |
2023-02-03 | CVE-2023-24150 | Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
2023-02-03 | CVE-2023-24151 | Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
2023-02-03 | CVE-2023-24152 | Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
2023-02-03 | CVE-2023-24153 | Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
2023-02-03 | CVE-2023-24154 | Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. | 9.8 |
2023-02-03 | CVE-2023-24155 | Use of Hard-coded Credentials vulnerability in Totolink T8 Firmware V4.1.5Cu TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini. | 9.8 |
2023-02-03 | CVE-2023-24156 | Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
2023-02-03 | CVE-2023-24157 | Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |