Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-24157PUBLISHED: 2023-02-03A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24151PUBLISHED: 2023-02-03A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24152PUBLISHED: 2023-02-03A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24153PUBLISHED: 2023-02-03A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24154PUBLISHED: 2023-02-03TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.
User Rank: Strategist
6/7/2021 | 1:21:54 AM
Number 1 is age discrimination. This is a major issue that has been widely studied. It's real, it exists and it cripples companies who cry about security shortage when they reject older and highly qualified candidates. There are plenty of subject matter experts in this area who can testify to the veracity of what I just said.
Number 2 is the hiring skills of recruiters, H.R. and the hiring managers is at best, (sorry to say) mediocre. To do their job properly, they must spend 10x more time combing through resumes and picking up the phone to make a call than they presently do.
The talent is out there, you just have to invest the time to find it and you must open your mind to older, smart and experienced workers. If you do this, the shortage is greatly diminished.
Blessings,
Harry