{"vulnerability": "cve-2023-2415", "sightings": [{"uuid": "10cdfd24-1c61-48c4-989a-636370a555a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24155", "type": "seen", "source": "https://t.me/cibsecurity/57464", "content": "\u203c CVE-2023-24155 \u203c\n\nTOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:21:03.000000Z"}, {"uuid": "2540fc92-be28-43eb-a267-103c94a3a0f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24150", "type": "seen", "source": "https://t.me/cibsecurity/57457", "content": "\u203c CVE-2023-24150 \u203c\n\nA command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:20:50.000000Z"}, {"uuid": "3accf613-f0ad-4528-8e43-16a912020579", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24151", "type": "seen", "source": "https://t.me/cibsecurity/57456", "content": "\u203c CVE-2023-24151 \u203c\n\nA command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:20:49.000000Z"}, {"uuid": "c7a77ce1-5715-441b-97ed-3f9efc26c64b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24156", "type": "seen", "source": "https://t.me/cibsecurity/57466", "content": "\u203c CVE-2023-24156 \u203c\n\nA command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:21:05.000000Z"}, {"uuid": "a1b79891-2730-47c4-a528-4cf76dc1df4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24154", "type": "seen", "source": "https://t.me/cibsecurity/57465", "content": "\u203c CVE-2023-24154 \u203c\n\nTOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:21:04.000000Z"}, {"uuid": "849ffb11-e861-4fea-8cd6-b7e8af4f4be1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24159", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8244", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24159\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.\n\ud83d\udccf Published: 2023-02-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-20T18:07:55.240Z\n\ud83d\udd17 References:\n1. 
https://github.com/iceyjchen/VulnerabilityProjectRecords/blob/main/setPasswordCfg_admpass/setPasswordCfg_admpass.md", "creation_timestamp": "2025-03-20T18:20:40.000000Z"}, {"uuid": "5a93ed3b-2a64-4206-b182-cca8ea2bfcaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24152", "type": "seen", "source": "https://t.me/cibsecurity/57454", "content": "\u203c CVE-2023-24152 \u203c\n\nA command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:20:47.000000Z"}, {"uuid": "9aca3ebe-36df-4d41-8e8f-9619ec310603", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24159", "type": "seen", "source": "https://t.me/cibsecurity/58111", "content": "\u203c CVE-2023-24159 \u203c\n\nTOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T18:35:41.000000Z"}, {"uuid": "4bf7898e-31cf-4e85-93fa-ff61157be968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2415", "type": "seen", "source": "https://t.me/cibsecurity/64961", "content": "\u203c CVE-2023-2415 \u203c\n\nThe Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. 
This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vcita connected account which would cause a denial of service on the appointment scheduler.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-03T20:09:29.000000Z"}, {"uuid": "2917a1d0-bf51-4ec4-bf64-1342a73022a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24153", "type": "seen", "source": "https://t.me/cibsecurity/57452", "content": "\u203c CVE-2023-24153 \u203c\n\nA command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:20:42.000000Z"}]}