Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

T8 Firmware Security Vulnerabilities - CVSS Score 9 - 10

cve
cve

CVE-2023-24150

A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8CVSS

9.7AI Score

0.015EPSS

2023-02-03 04:15 PM
26
cve
cve

CVE-2023-24151

A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8CVSS

9.7AI Score

0.015EPSS

2023-02-03 04:15 PM
23
cve
cve

CVE-2023-24152

A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8CVSS

9.7AI Score

0.015EPSS

2023-02-03 04:15 PM
21
cve
cve

CVE-2023-24153

A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8CVSS

9.7AI Score

0.015EPSS

2023-02-03 04:15 PM
24
cve
cve

CVE-2023-24154

TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.

9.8CVSS

9.7AI Score

0.449EPSS

2023-02-03 04:15 PM
26
cve
cve

CVE-2023-24155

TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.

9.8CVSS

9.5AI Score

0.014EPSS

2023-02-03 04:15 PM
30
cve
cve

CVE-2023-24156

A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8CVSS

9.7AI Score

0.015EPSS

2023-02-03 04:15 PM
22
cve
cve

CVE-2023-24157

A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8CVSS

9.7AI Score

0.015EPSS

2023-02-03 04:15 PM
93
cve
cve

CVE-2024-46419

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.

9.8CVSS

7.1AI Score

0.009EPSS

2024-09-16 02:15 PM
23
cve
cve

CVE-2024-46451

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.

9.8CVSS

7.7AI Score

0.009EPSS

2024-09-16 01:15 PM
28
cve
cve

CVE-2024-8580

A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather hig...

8.1CVSS

8.1AI Score

0.002EPSS

2024-09-08 09:15 PM
36