T8 Firmware

t8_firmware

Vendor: Totolink • 26 CVEs

CVEs (26)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-24155 1Totolink 1T8 Firmware Mar 26, 2025 Feb 3, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.
CVE-2023-24154 1Totolink 1T8 Firmware Mar 26, 2025 Feb 3, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.
CVE-2023-24153 1Totolink 1T8 Firmware Mar 26, 2025 Feb 3, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24152 1Totolink 1T8 Firmware Mar 26, 2025 Feb 3, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24151 1Totolink 1T8 Firmware Mar 26, 2025 Feb 3, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24150 1Totolink 1T8 Firmware Mar 26, 2025 Feb 3, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

Previous 12