PT-2023-19443 · Totolink · Totolink T8

Publicado

2023-01-16

Atualizado

2025-03-26

CVE-2023-24154

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions TOTOLINK T8 version 4.1.5cu

Description A command injection issue was discovered via the slaveIpList parameter in the setUpgradeFW() function. This allows for potential exploitation.

Recommendations For TOTOLINK T8 version 4.1.5cu, consider restricting access to the setUpgradeFW() function until a patch is available. Avoid using the slaveIpList parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77

Identificadores relacionados

BDU:2025-04266

CVE-2023-24154

Produtos afetados

Totolink T8

PT-2023-19443 · Totolink · Totolink T8

CVE-2023-24154

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6