CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8077 – TOTOLINK AC1200 T8 setTracerouteCfg os command injection
https://notcve.org/view.php?id=CVE-2024-8077
22 Aug 2024 — A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. • https://github.com/hawkteam404/RnD_Public/blob/main/TOTOLink_AC1200_T8_OsCmdI_BOF.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8076 – TOTOLINK AC1200 T8 setDiagnosisCfg buffer overflow
https://notcve.org/view.php?id=CVE-2024-8076
22 Aug 2024 — A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. • https://github.com/hawkteam404/RnD_Public/blob/main/TOTOLink_AC1200_T8_OsCmdI_BOF.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8075 – TOTOLINK AC1200 T8 setDiagnosisCfg os command injection
https://notcve.org/view.php?id=CVE-2024-8075
22 Aug 2024 — A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. • https://github.com/hawkteam404/RnD_Public/blob/main/TOTOLink_AC1200_T8_OsCmdI_BOF.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 2CVE-2024-0944 – Totolink T8 cstecgi.cgi session expiration
https://notcve.org/view.php?id=CVE-2024-0944
26 Jan 2024 — A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. • https://github.com/Artemisxxx37/cve-2024-0944 • CWE-613: Insufficient Session Expiration •
CVSS: 9.1EPSS: 1%CPEs: 2EXPL: 1CVE-2024-0569 – Totolink T8 Setting cstecgi.cgi getSysStatusCfg information disclosure
https://notcve.org/view.php?id=CVE-2024-0569
16 Jan 2024 — A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1WSWrGEKUkvPk8hq1VRng-wbR7T6CknGY/view?usp=sharing • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-24150
https://notcve.org/view.php?id=CVE-2023-24150
03 Feb 2023 — A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. • https://github.com/Double-q1015/CVE-vulns/blob/main/totolink_t8/meshSlaveDlfw/meshSlaveDlfw.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-24151
https://notcve.org/view.php?id=CVE-2023-24151
03 Feb 2023 — A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. • https://github.com/Double-q1015/CVE-vulns/blob/main/totolink_t8/recvSlaveCloudCheckStatus_ip/recvSlaveCloudCheckStatus_ip.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-24152
https://notcve.org/view.php?id=CVE-2023-24152
03 Feb 2023 — A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. • https://github.com/Double-q1015/CVE-vulns/blob/main/totolink_t8/meshSlaveUpdate/meshSlaveUpdate.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-24153
https://notcve.org/view.php?id=CVE-2023-24153
03 Feb 2023 — A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. • https://github.com/Double-q1015/CVE-vulns/blob/main/totolink_t8/recvSlaveCloudCheckStatus_version/recvSlaveCloudCheckStatus.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 31%CPEs: 2EXPL: 1CVE-2023-24154
https://notcve.org/view.php?id=CVE-2023-24154
03 Feb 2023 — TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. • https://github.com/Double-q1015/CVE-vulns/blob/main/totolink_t8/setUpgradeFW/setUpgradeFW.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •