CVE-2023-24151

CRITICAL

TOTOLINK T8 V4.1.5cu - Command Injection

Title source: llm

Description

A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/Double-q1015/CVE-vulns/blob/main/totolink_t8/recvSlaveCloudCheckStatus_ip/recvSlaveCloudCheckStatus_ip.md

View Exploit ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0784

EPSS Percentile 92.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-77

Status published

Products (1)

totolink/t8_firmware v4.1.5cu

Published Feb 03, 2023

Tracked Since Feb 18, 2026