PT-2023-19440 · Totolink · Totolink T8

Published

2023-01-16

Updated

2025-03-26

CVE-2023-24151

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions TOTOLINK T8 version 4.1.5cu

Description A command injection issue exists in the ip parameter of the recvSlaveCloudCheckStatus function, allowing attackers to execute arbitrary commands via a crafted MQTT packet.

Recommendations For TOTOLINK T8 version 4.1.5cu, consider disabling the recvSlaveCloudCheckStatus function until a patch is available to prevent exploitation of the command injection vulnerability in the ip parameter.

Exploit

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2025-04270

CVE-2023-24151

Affected Products

Totolink T8

PT-2023-19440 · Totolink · Totolink T8

CVE-2023-24151

Weakness Enumeration

Related Identifiers

Affected Products

References · 6