Totolink T8 Firmware

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Totolink T8 Firmware.

By the Year

In 2026 there have been 0 vulnerabilities in Totolink T8 Firmware. T8 Firmware did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	0	0.00
2024	14	9.23
2023	8	9.80

It may take a day or so for new T8 Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Totolink T8 Firmware Security Vulnerabilities

TOTORLINK AC1200 T8 v4.1.5 Buffer Overflow via ssid5g in setWizardCfg
CVE-2024-46419 9.8 - Critical - September 16, 2024

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.

Classic Buffer Overflow

TOTOLINK AC1200 T8 v4.1.5cu.861 Buffer Overflow in UploadCustomModule (DoS)
CVE-2024-46424 7.5 - High - September 16, 2024

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter.

Classic Buffer Overflow

Buffer Overflow in setWiFiAclRules (v4.1.5cu) TOTOLINK AC1200 T8
CVE-2024-46451 9.8 - Critical - September 16, 2024

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.

Classic Buffer Overflow

TOTOLINK AC1200 T8 4.1.5cu.861 hard-coded password via /etc/shadow.sample
CVE-2024-8580 8.1 - High - September 08, 2024

A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Use of Hard-coded Password

TOTOLINK AC1200 Buffer Overflow in WiFi Repeater Config
CVE-2024-8579 9.8 - Critical - September 08, 2024

A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

TOTOLINK AC1200 T8 4.1.5cu Buffer Overflow in setWiFiMeshName Remote
CVE-2024-8578 8.8 - High - September 08, 2024

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as critical. Affected by this issue is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument device_name leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

Totolink AC1200 T8 4.1.5cu.861 Critical Buffer Overflow in setWiFiScheduleCfg
CVE-2024-8575 8.8 - High - September 08, 2024

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

OS Command Injection via setParentalRules in TOTOLINK AC1200 T8 4.1.5cu.861
CVE-2024-8574 8.8 - High - September 08, 2024

A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Shell injection

TOTOLINK AC1200 T8/T10 Remote Buffer Overflow in setParentalRules (v4.1.5/4.1.8)
CVE-2024-8573 8.8 - High - September 08, 2024

A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc/week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.

Buffer Overflow

TOTOLINK AC1200 T8 4.1.5cu Remote Buffer Overflow in exportOvpn
CVE-2024-8079 9.8 - Critical - August 22, 2024

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 Remote TRaceroute Buffer Overflow
CVE-2024-8078 9.8 - Critical - August 22, 2024

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

Totolink AC1200 T8 4.1.5cu.862_B20230228: Remote BO via setDiagnosisCfg
CVE-2024-8076 9.8 - Critical - August 22, 2024

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

TOTOlink AC1200 T8 4.1.5cu.862_B20230228: OS CMD injection via setDiagnosisCfg
CVE-2024-8075 9.8 - Critical - August 22, 2024

A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Shell injection

TOTOLINK AC1200 T8 4.1.5cu Remote OS Command Injection via setTracerouteCfg
CVE-2024-8077 9.8 - Critical - August 22, 2024

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Shell injection

TOTOLINK T8 V4.1.5cu CmdInjection via updateWifiInfo(serverIp) MQTT
CVE-2023-24157 9.8 - Critical - February 03, 2023

A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

Command Injection

Command Injection in TOTOLINK T8 4.1.5cu recvSlaveUpgstatus via MQTT
CVE-2023-24156 9.8 - Critical - February 03, 2023

A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

Command Injection

TOTOLINK T8 V4.1.5cu Hard-coded Telnet Password in /web_cste/cgi-bin/product.ini
CVE-2023-24155 9.8 - Critical - February 03, 2023

TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.

Use of Hard-coded Credentials

Command Injection in TOTOLINK T8 V4.1.5cu via setUpgradeFW slaveIpList
CVE-2023-24154 9.8 - Critical - February 03, 2023

TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.

Command Injection

Command Injection in TOTOLINK T8 4.1.5cu via MQTT Version Param
CVE-2023-24153 9.8 - Critical - February 03, 2023

A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

Command Injection

TOTOLINK T8 V4.1.5cu CMD Injection via serverIp in meshSlaveUpdate (MQTT)
CVE-2023-24152 9.8 - Critical - February 03, 2023

A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

Command Injection

Command Injection via MQTT ip param in TOTOLINK T8 V4.1.5cu recvStatus
CVE-2023-24151 9.8 - Critical - February 03, 2023

A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

Command Injection

Command Injection in TOTOLINK T8 4.1.5cu via MQTT serverIp parameter
CVE-2023-24150 9.8 - Critical - February 03, 2023

A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

Command Injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Totolink T8 Firmware or by Totolink? Click the Watch button to subscribe.

Totolink
Vendor

Totolink T8 Firmware
Product

Totolink T8 Firmware

Don't miss out!

By the Year

Recent Totolink T8 Firmware Security Vulnerabilities

TOTORLINK AC1200 T8 v4.1.5 Buffer Overflow via ssid5g in setWizardCfg CVE-2024-46419 9.8 - Critical - September 16, 2024

TOTOLINK AC1200 T8 v4.1.5cu.861 Buffer Overflow in UploadCustomModule (DoS) CVE-2024-46424 7.5 - High - September 16, 2024

Buffer Overflow in setWiFiAclRules (v4.1.5cu) TOTOLINK AC1200 T8 CVE-2024-46451 9.8 - Critical - September 16, 2024

TOTOLINK AC1200 T8 4.1.5cu.861 hard-coded password via /etc/shadow.sample CVE-2024-8580 8.1 - High - September 08, 2024

TOTOLINK AC1200 Buffer Overflow in WiFi Repeater Config CVE-2024-8579 9.8 - Critical - September 08, 2024

TOTOLINK AC1200 T8 4.1.5cu Buffer Overflow in setWiFiMeshName Remote CVE-2024-8578 8.8 - High - September 08, 2024

Totolink AC1200 T8 4.1.5cu.861 Critical Buffer Overflow in setWiFiScheduleCfg CVE-2024-8575 8.8 - High - September 08, 2024

OS Command Injection via setParentalRules in TOTOLINK AC1200 T8 4.1.5cu.861 CVE-2024-8574 8.8 - High - September 08, 2024

TOTOLINK AC1200 T8/T10 Remote Buffer Overflow in setParentalRules (v4.1.5/4.1.8) CVE-2024-8573 8.8 - High - September 08, 2024

TOTOLINK AC1200 T8 4.1.5cu Remote Buffer Overflow in exportOvpn CVE-2024-8079 9.8 - Critical - August 22, 2024

TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 Remote TRaceroute Buffer Overflow CVE-2024-8078 9.8 - Critical - August 22, 2024

Totolink AC1200 T8 4.1.5cu.862_B20230228: Remote BO via setDiagnosisCfg CVE-2024-8076 9.8 - Critical - August 22, 2024

TOTOlink AC1200 T8 4.1.5cu.862_B20230228: OS CMD injection via setDiagnosisCfg CVE-2024-8075 9.8 - Critical - August 22, 2024

TOTOLINK AC1200 T8 4.1.5cu Remote OS Command Injection via setTracerouteCfg CVE-2024-8077 9.8 - Critical - August 22, 2024

TOTOLINK T8 V4.1.5cu CmdInjection via updateWifiInfo(serverIp) MQTT CVE-2023-24157 9.8 - Critical - February 03, 2023

Command Injection in TOTOLINK T8 4.1.5cu recvSlaveUpgstatus via MQTT CVE-2023-24156 9.8 - Critical - February 03, 2023

TOTOLINK T8 V4.1.5cu Hard-coded Telnet Password in /web_cste/cgi-bin/product.ini CVE-2023-24155 9.8 - Critical - February 03, 2023

Command Injection in TOTOLINK T8 V4.1.5cu via setUpgradeFW slaveIpList CVE-2023-24154 9.8 - Critical - February 03, 2023

Command Injection in TOTOLINK T8 4.1.5cu via MQTT Version Param CVE-2023-24153 9.8 - Critical - February 03, 2023

TOTOLINK T8 V4.1.5cu CMD Injection via serverIp in meshSlaveUpdate (MQTT) CVE-2023-24152 9.8 - Critical - February 03, 2023

Command Injection via MQTT ip param in TOTOLINK T8 V4.1.5cu recvStatus CVE-2023-24151 9.8 - Critical - February 03, 2023

Command Injection in TOTOLINK T8 4.1.5cu via MQTT serverIp parameter CVE-2023-24150 9.8 - Critical - February 03, 2023

Stay on top of Security Vulnerabilities

Totolink Vendor

Totolink T8 FirmwareProduct

TOTORLINK AC1200 T8 v4.1.5 Buffer Overflow via ssid5g in setWizardCfg
CVE-2024-46419 9.8 - Critical - September 16, 2024

TOTOLINK AC1200 T8 v4.1.5cu.861 Buffer Overflow in UploadCustomModule (DoS)
CVE-2024-46424 7.5 - High - September 16, 2024

Buffer Overflow in setWiFiAclRules (v4.1.5cu) TOTOLINK AC1200 T8
CVE-2024-46451 9.8 - Critical - September 16, 2024

TOTOLINK AC1200 T8 4.1.5cu.861 hard-coded password via /etc/shadow.sample
CVE-2024-8580 8.1 - High - September 08, 2024

TOTOLINK AC1200 Buffer Overflow in WiFi Repeater Config
CVE-2024-8579 9.8 - Critical - September 08, 2024

TOTOLINK AC1200 T8 4.1.5cu Buffer Overflow in setWiFiMeshName Remote
CVE-2024-8578 8.8 - High - September 08, 2024

Totolink AC1200 T8 4.1.5cu.861 Critical Buffer Overflow in setWiFiScheduleCfg
CVE-2024-8575 8.8 - High - September 08, 2024

OS Command Injection via setParentalRules in TOTOLINK AC1200 T8 4.1.5cu.861
CVE-2024-8574 8.8 - High - September 08, 2024

TOTOLINK AC1200 T8/T10 Remote Buffer Overflow in setParentalRules (v4.1.5/4.1.8)
CVE-2024-8573 8.8 - High - September 08, 2024

TOTOLINK AC1200 T8 4.1.5cu Remote Buffer Overflow in exportOvpn
CVE-2024-8079 9.8 - Critical - August 22, 2024

TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 Remote TRaceroute Buffer Overflow
CVE-2024-8078 9.8 - Critical - August 22, 2024

Totolink AC1200 T8 4.1.5cu.862_B20230228: Remote BO via setDiagnosisCfg
CVE-2024-8076 9.8 - Critical - August 22, 2024

TOTOlink AC1200 T8 4.1.5cu.862_B20230228: OS CMD injection via setDiagnosisCfg
CVE-2024-8075 9.8 - Critical - August 22, 2024

TOTOLINK AC1200 T8 4.1.5cu Remote OS Command Injection via setTracerouteCfg
CVE-2024-8077 9.8 - Critical - August 22, 2024

TOTOLINK T8 V4.1.5cu CmdInjection via updateWifiInfo(serverIp) MQTT
CVE-2023-24157 9.8 - Critical - February 03, 2023

Command Injection in TOTOLINK T8 4.1.5cu recvSlaveUpgstatus via MQTT
CVE-2023-24156 9.8 - Critical - February 03, 2023

TOTOLINK T8 V4.1.5cu Hard-coded Telnet Password in /web_cste/cgi-bin/product.ini
CVE-2023-24155 9.8 - Critical - February 03, 2023

Command Injection in TOTOLINK T8 V4.1.5cu via setUpgradeFW slaveIpList
CVE-2023-24154 9.8 - Critical - February 03, 2023

Command Injection in TOTOLINK T8 4.1.5cu via MQTT Version Param
CVE-2023-24153 9.8 - Critical - February 03, 2023

TOTOLINK T8 V4.1.5cu CMD Injection via serverIp in meshSlaveUpdate (MQTT)
CVE-2023-24152 9.8 - Critical - February 03, 2023

Command Injection via MQTT ip param in TOTOLINK T8 V4.1.5cu recvStatus
CVE-2023-24151 9.8 - Critical - February 03, 2023

Command Injection in TOTOLINK T8 4.1.5cu via MQTT serverIp parameter
CVE-2023-24150 9.8 - Critical - February 03, 2023

Totolink
Vendor

Totolink T8 Firmware
Product