PT-2023-19442 · Totolink · Totolink T8

Published

2023-01-16

Updated

2025-03-26

CVE-2023-24153

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions TOTOLINK T8 version 4.1.5cu

Description A command injection issue in the version parameter of the recvSlaveCloudCheckStatus function allows attackers to execute arbitrary commands via a crafted MQTT packet.

Recommendations For TOTOLINK T8 version 4.1.5cu, consider disabling the recvSlaveCloudCheckStatus function until a patch is available to prevent exploitation. Restrict access to the version parameter in the affected function to minimize the risk of command injection.

Exploit

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2025-10030

CVE-2023-24153

Affected Products

Totolink T8

PT-2023-19442 · Totolink · Totolink T8

CVE-2023-24153

Weakness Enumeration

Related Identifiers

Affected Products

References · 6