cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-46419,https://securityvulnerability.io/vulnerability/CVE-2024-46419,Buffer Overflow Vulnerability in TOTOLINK AC1200 T8 Router,"The TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 is affected by a buffer overflow vulnerability located in the setWizardCfg function, which is triggered when processing the ssid5g parameter. This flaw could allow an attacker to craft malicious input that could potentially lead to unauthorized access or disruption of the device’s operation. Addressing this vulnerability is critical to ensuring the security and integrity of the network.",Totolink,T8 Firmware,9.8,CRITICAL,0.011850000359117985,false,false,false,false,,false,false,2024-09-16T14:15:00.000Z,0
CVE-2024-46424,https://securityvulnerability.io/vulnerability/CVE-2024-46424,Buffer Overflow Vulnerability in TOTOLINK AC1200 T8 Router,"The TOTOLINK AC1200 T8 router version v4.1.5cu.861_B20230220 is susceptible to a buffer overflow vulnerability in the UploadCustomModule function. This security flaw allows attackers to exploit the router through the File parameter, potentially resulting in a Denial of Service (DoS) condition. As a consequence, legitimate users may experience loss of access to critical functionalities. It is imperative for users and organizations utilizing this product to evaluate their exposure and consider appropriate patching or mitigation steps to safeguard their networks.",Totolink,T8 Firmware,7.5,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2024-09-16T13:15:00.000Z,0
CVE-2024-46451,https://securityvulnerability.io/vulnerability/CVE-2024-46451,Buffer Overflow Vulnerability in TOTOLINK AC1200 T8 Router,"The TOTOLINK AC1200 T8 router version 4.1.5cu.861_B20230220 has been identified with a buffer overflow vulnerability associated with the setWiFiAclRules function. This issue is triggered via the 'desc' parameter, potentially allowing an attacker to exploit the vulnerable function. Such exploitation could lead to unauthorized access or control over the affected device, emphasizing the importance of timely updates and security measures for users of this product.",Totolink,T8 Firmware,9.8,CRITICAL,0.011850000359117985,false,false,false,false,,false,false,2024-09-16T13:15:00.000Z,0
CVE-2024-8076,https://securityvulnerability.io/vulnerability/CVE-2024-8076,Buffer Overflow Vulnerability in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228,"A vulnerability exists in the TOTOLINK AC1200 T8 router, specifically within the setDiagnosisCfg function, which is susceptible to buffer overflow conditions. This flaw could potentially allow attackers to exploit the device remotely, potentially compromising its functionality and security. Despite outreach to TOTOLINK for addressing the issue, there was no response regarding the vulnerability disclosure, raising concerns about the device's long-term security management.",TOTOLINK,T8 Firmware,9.8,CRITICAL,0.0009299999801442027,false,false,false,false,,false,false,2024-08-22T20:15:00.000Z,0
CVE-2024-8077,https://securityvulnerability.io/vulnerability/CVE-2024-8077,Remote Code Execution Vulnerability in TOTOLINK AC1200 T8 Router,"A recently identified vulnerability in the TOTOLINK AC1200 T8 router, occurring in version 4.1.5cu.862_B20230228, has been classified as a critical security risk. The vulnerability resides in the setTracerouteCfg function, which is susceptible to OS command injection. Attackers can exploit this flaw to execute arbitrary commands on the device remotely, leading to potential unauthorized access and control over the router’s operations. Efforts to inform the vendor of this security flaw have gone unanswered, raising further concerns about the device's overall security posture. Users of this product are strongly advised to apply necessary mitigations to protect their network from potential exploit scenarios.",TOTOLINK,T8 Firmware,9.8,CRITICAL,0.0015200000489130616,false,false,false,false,,false,false,2024-08-22T20:15:00.000Z,0
CVE-2023-24150,https://securityvulnerability.io/vulnerability/CVE-2023-24150,Command Injection Vulnerability in TOTOLINK T8 from TOTOLINK,"A command injection vulnerability exists in the serverIp parameter within the meshSlaveDlfw function of the TOTOLINK T8 firmware (version V4.1.5cu). This flaw allows attackers to craft malicious MQTT packets that can lead to the execution of arbitrary commands on the server. Exploiting this vulnerability could grant unauthorized access and control over the affected device, posing serious security risks.",Totolink,T8 Firmware,9.8,CRITICAL,0.01131999958306551,false,false,false,false,,false,false,2023-02-03T00:00:00.000Z,0
CVE-2023-24151,https://securityvulnerability.io/vulnerability/CVE-2023-24151,Command Injection Vulnerability in TOTOLINK T8 by TOTOLINK,A command injection flaw exists in the ip parameter of the recvSlaveCloudCheckStatus function in TOTOLINK T8 V4.1.5cu. This vulnerability allows unauthorized attackers to execute arbitrary commands on the affected device through maliciously crafted MQTT packets. Proper validation and sanitization of input parameters are essential to mitigate the risk associated with this vulnerability.,Totolink,T8 Firmware,9.8,CRITICAL,0.01131999958306551,false,false,false,false,,false,false,2023-02-03T00:00:00.000Z,0
CVE-2023-24155,https://securityvulnerability.io/vulnerability/CVE-2023-24155,Hardcoded Password Vulnerability in TOTOLINK Router Firmware,"The TOTOLINK T8 router firmware version V4.1.5cu was found to contain a hardcoded password within the telnet service configuration, which is stored in the file /web_cste/cgi-bin/product.ini. This significant security flaw allows unauthorized access to the device, enabling potential attackers to exploit the router’s functionalities and gain control over the system, thereby compromising network integrity and user privacy.",Totolink,T8 Firmware,9.8,CRITICAL,0.014290000312030315,false,false,false,false,,false,false,2023-02-03T00:00:00.000Z,0
CVE-2023-24153,https://securityvulnerability.io/vulnerability/CVE-2023-24153,Command Injection Vulnerability in TOTOLINK Router,"A command injection vulnerability exists in the TOTOLINK T8 router's version parameter within the recvSlaveCloudCheckStatus function. This flaw allows an attacker to execute arbitrary commands by sending a specially crafted MQTT packet, potentially compromising the device's integrity and security. Organizations using the affected router versions should take immediate steps to apply the necessary updates to mitigate risks associated with this vulnerability.",Totolink,T8 Firmware,9.8,CRITICAL,0.01131999958306551,false,false,false,false,,false,false,2023-02-03T00:00:00.000Z,0
CVE-2023-24152,https://securityvulnerability.io/vulnerability/CVE-2023-24152,Command Injection Vulnerability in TOTOLINK T8 Router,"A command injection vulnerability exists in the serverIp parameter of the function meshSlaveUpdate in the TOTOLINK T8 Router. This flaw allows attackers to execute arbitrary commands by sending specially crafted MQTT packets, potentially compromising the security and integrity of the device. Users are encouraged to apply necessary security measures to mitigate risk.",Totolink,T8 Firmware,9.8,CRITICAL,0.01131999958306551,false,false,false,false,,false,false,2023-02-03T00:00:00.000Z,0
CVE-2023-24154,https://securityvulnerability.io/vulnerability/CVE-2023-24154,Command Injection Vulnerability in TOTOLINK Router Software,"A command injection vulnerability exists in the TOTOLINK T8 router firmware, specifically found in the 'setUpgradeFW' function. This issue arises from improper handling of the 'slaveIpList' parameter, allowing an attacker to execute arbitrary commands on the affected device. Exploiting this vulnerability could lead to unauthorized access and manipulation of the router's settings and network traffic.",Totolink,T8 Firmware,9.8,CRITICAL,0.3112800121307373,false,false,false,false,,false,false,2023-02-03T00:00:00.000Z,0
CVE-2023-24156,https://securityvulnerability.io/vulnerability/CVE-2023-24156,Command Injection Vulnerability in TOTOLINK T8 by TOTOLINK,"A command injection vulnerability exists within the 'ip' parameter in the function 'recvSlaveUpgstatus' of the TOTOLINK T8 router firmware version V4.1.5cu. Attackers can exploit this flaw by sending specially crafted MQTT packets, allowing them to execute arbitrary commands on the device. This vulnerability raises significant concerns regarding unauthorized access and system integrity.",Totolink,T8 Firmware,9.8,CRITICAL,0.01131999958306551,false,false,false,false,,false,false,2023-02-03T00:00:00.000Z,0
CVE-2023-24157,https://securityvulnerability.io/vulnerability/CVE-2023-24157,Command Injection Vulnerability in TOTOLINK T8 by TOTOLINK,"A command injection vulnerability exists in the serverIp parameter within the updateWifiInfo function of the TOTOLINK T8 (version V4.1.5cu). This flaw allows an attacker to execute arbitrary commands on the device by sending specially crafted MQTT packets. Once exploited, unauthorized users can manipulate the device's functionality, leading to potential security breaches.",Totolink,T8 Firmware,9.8,CRITICAL,0.01131999958306551,false,false,false,false,,false,false,2023-02-03T00:00:00.000Z,0