CVE-2023-24153
https://notcve.org/view.php?id=CVE-2023-24153
A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. • https://github.com/Double-q1015/CVE-vulns/blob/main/totolink_t8/recvSlaveCloudCheckStatus_version/recvSlaveCloudCheckStatus.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-24144
https://notcve.org/view.php?id=CVE-2023-24144
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function. • https://github.com/Double-q1015/CVE-vulns/blob/main/totolink_ca300-poe/setRebootScheCfg_hour/setRebootScheCfg_hour.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-24151
https://notcve.org/view.php?id=CVE-2023-24151
A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. • https://github.com/Double-q1015/CVE-vulns/blob/main/totolink_t8/recvSlaveCloudCheckStatus_ip/recvSlaveCloudCheckStatus_ip.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-24148
https://notcve.org/view.php?id=CVE-2023-24148
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function. • https://github.com/Double-q1015/CVE-vulns/blob/main/totolink_ca300-poe/setUploadUserData/setUploadUserData.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2022-48113
https://notcve.org/view.php?id=CVE-2022-48113
A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials. • https://wefir.blogspot.com/2022/12/totolink-n200rev5-telnet-backdoor.html • CWE-798: Use of Hard-coded Credentials •