T8
by Totolink
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-24157 | 0.01 | — | 0.02 | Feb 3, 2023 | A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||
| CVE-2023-24152 | 0.01 | — | 0.02 | Feb 3, 2023 | A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||
| CVE-2023-24150 | 0.01 | — | 0.02 | Feb 3, 2023 | A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||
| CVE-2023-24151 | 0.01 | — | 0.02 | Feb 3, 2023 | A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||
| CVE-2023-24156 | 0.01 | — | 0.02 | Feb 3, 2023 | A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||
| CVE-2023-24154 | 0.01 | — | 0.02 | Feb 3, 2023 | TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. | |||
| CVE-2024-0944 | 0.00 | — | 0.02 | Jan 26, 2024 | A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The… | |||
| CVE-2024-0569 | 0.00 | — | 0.01 | Jan 16, 2024 | A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure.… | |||
| CVE-2023-24153 | 0.00 | — | 0.02 | Feb 3, 2023 | A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||
| CVE-2023-24155 | 0.00 | — | 0.01 | Feb 3, 2023 | TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini. |
- CVE-2023-24157Feb 3, 2023risk 0.01cvss —epss 0.02
A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
- CVE-2023-24152Feb 3, 2023risk 0.01cvss —epss 0.02
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
- CVE-2023-24150Feb 3, 2023risk 0.01cvss —epss 0.02
A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
- CVE-2023-24151Feb 3, 2023risk 0.01cvss —epss 0.02
A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
- CVE-2023-24156Feb 3, 2023risk 0.01cvss —epss 0.02
A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
- CVE-2023-24154Feb 3, 2023risk 0.01cvss —epss 0.02
TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.
- CVE-2024-0944Jan 26, 2024risk 0.00cvss —epss 0.02
A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The…
- CVE-2024-0569Jan 16, 2024risk 0.00cvss —epss 0.01
A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure.…
- CVE-2023-24153Feb 3, 2023risk 0.00cvss —epss 0.02
A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
- CVE-2023-24155Feb 3, 2023risk 0.00cvss —epss 0.01
TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.