Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Totolink Subscribe
Filtered by product T8 Firmware
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-24155 1 Totolink 2 T8, T8 Firmware 2023-02-10 N/A 9.8 CRITICAL
TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.
CVE-2023-24153 1 Totolink 2 T8, T8 Firmware 2023-02-10 N/A 9.8 CRITICAL
A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24152 1 Totolink 2 T8, T8 Firmware 2023-02-09 N/A 9.8 CRITICAL
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24151 1 Totolink 2 T8, T8 Firmware 2023-02-09 N/A 9.8 CRITICAL
A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24150 1 Totolink 2 T8, T8 Firmware 2023-02-09 N/A 9.8 CRITICAL
A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24154 1 Totolink 2 T8, T8 Firmware 2023-02-09 N/A 9.8 CRITICAL
TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.
CVE-2023-24156 1 Totolink 2 T8, T8 Firmware 2023-02-09 N/A 9.8 CRITICAL
A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24157 1 Totolink 2 T8, T8 Firmware 2023-02-09 N/A 9.8 CRITICAL
A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.