4 matches found
CVE-2023-24152
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...
CVE-2023-24152
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...
CVE-2023-24152
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...
CVE-2023-24152
CVE-2023-24152 affects TOTOLINK T8 devices (V4.1.5cu). The vulnerability is a command injection in the serverIp parameter used by the meshSlaveUpdate function. An attacker can inject and execute arbitrary commands by crafting an MQTT packet transmitted over the network. The issue is demonstrated ...