VYPR

T8

by Totolink

CVEs (10)

  • CVE-2023-24157Feb 3, 2023
    risk 0.01cvss epss 0.02

    A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

  • CVE-2023-24152Feb 3, 2023
    risk 0.01cvss epss 0.02

    A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

  • CVE-2023-24150Feb 3, 2023
    risk 0.01cvss epss 0.02

    A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

  • CVE-2023-24151Feb 3, 2023
    risk 0.01cvss epss 0.02

    A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

  • CVE-2023-24156Feb 3, 2023
    risk 0.01cvss epss 0.02

    A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

  • CVE-2023-24154Feb 3, 2023
    risk 0.01cvss epss 0.02

    TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.

  • CVE-2024-0944Jan 26, 2024
    risk 0.00cvss epss 0.02

    A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The…

  • CVE-2024-0569Jan 16, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure.…

  • CVE-2023-24153Feb 3, 2023
    risk 0.00cvss epss 0.02

    A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

  • CVE-2023-24155Feb 3, 2023
    risk 0.00cvss epss 0.01

    TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.