Vulnerabilities > Totolink > T8 Firmware > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-03 | CVE-2023-24156 | Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
2023-02-03 | CVE-2023-24155 | Use of Hard-coded Credentials vulnerability in Totolink T8 Firmware V4.1.5Cu TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini. | 9.8 |
2023-02-03 | CVE-2023-24154 | Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. | 9.8 |
2023-02-03 | CVE-2023-24153 | Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
2023-02-03 | CVE-2023-24152 | Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
2023-02-03 | CVE-2023-24151 | Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |
2023-02-03 | CVE-2023-24150 | Command Injection vulnerability in Totolink T8 Firmware V4.1.5Cu A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 9.8 |