Note:
This project will be discontinued after December 13, 2021. [more]
Product:
T8_firmware
(Totolink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 26 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-08-22 | CVE-2024-8075 | A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | T8_firmware | 9.8 | ||
| 2024-08-22 | CVE-2024-8076 | A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | T8_firmware | 9.8 | ||
| 2024-08-22 | CVE-2024-8077 | A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | T8_firmware | 9.8 | ||
| 2024-08-22 | CVE-2024-8078 | A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | T8_firmware | 9.8 | ||
| 2024-08-22 | CVE-2024-8079 | A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | T8_firmware | 9.8 | ||
| 2023-02-03 | CVE-2023-24150 | A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | T8_firmware | 9.8 | ||
| 2023-02-03 | CVE-2023-24151 | A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | T8_firmware | 9.8 | ||
| 2023-02-03 | CVE-2023-24152 | A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | T8_firmware | 9.8 | ||
| 2023-02-03 | CVE-2023-24153 | A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | T8_firmware | 9.8 | ||
| 2023-02-03 | CVE-2023-24154 | TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. | T8_firmware | 9.8 |