CVE-2022-28127
The CVE-2022-28127 case concerns Robustel R1510: the web_server /action/remove/ API can trigger arbitrary file deletion via a crafted request. The TALOS analysis explains that the handler builds a shell command using a user-controlled file_name and only checks for path traversal by looking for “....