Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2023
CVE-2023-24154
TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-02-03
CVE-2023-24155
TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-03
CVE-2023-24156
A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVSS Score
9.8
EPSS Score
0.016
Published
2023-02-03
CVE-2023-24147
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-03
CVE-2023-24148
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-02-03
CVE-2023-24149
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-03
CVE-2023-24150
A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVSS Score
9.8
EPSS Score
0.016
Published
2023-02-03
CVE-2023-24142
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-02-03
CVE-2023-24143
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-02-03
CVE-2023-24144
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-02-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved