TOTOLINK N600R Router Command Injection (CVE-2022-26186; CVE-2022-26188; CVE-2022-26189; CVE-2022-27411; CVE-2022-28905; CVE-2022-28906; CVE-2022-28907; CVE-2022-28908; CVE-2022-28909; CVE-2022-28910; CVE-2022-28911; CVE-2022-28912; CVE-2022-28913)

A command injection vulnerability exists in TOTOLINK N600R router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVE-2022-28906

creationtimestamp| type| source ---|---|--- 2022-05-10 18:34:29+00:00| seen| https://t.me/cibsecurity/42256 2025-07-15 21:02:19+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3ltzsfqwusi2w...

CVE-2022-28906

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg...

CVE-2022-28906

Summary: CVE-2022-28906 affects TOTOLink N600R routers (V5.3c.7159_B20190425). A command-injection vulnerability exists in the /setting/setLanguageCfg API endpoint, exploitable via the langtype parameter. The issue allows an attacker to potentially execute arbitrary commands on the device, with n...