CVE-2023-24156
A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows
A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CRITICAL · CVSS 9.8
EPSS 0.16381
Act now
- EPSS ≥ 0.10 - elevated exploitation probability
- EPSS percentile: top 5% of all CVEs by exploitation likelihood
- Public exploit or PoC is available
- SSVC automatable: yes - attacks can be scripted at scale
- CVSS base score ≥ 7.0
Sigma rules0
YARA rules0