Totolink: >> T8 Firmware Security Vulnerabilities
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVSS Score
9.8
EPSS Score
0.018
Published
2023-02-03
A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVSS Score
9.8
EPSS Score
0.018
Published
2023-02-03
TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-02-03
TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-03
A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVSS Score
9.8
EPSS Score
0.016
Published
2023-02-03
A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVSS Score
9.8
EPSS Score
0.016
Published
2023-02-03
Page 3