2 matches found
TOTOLINK N600R Router Command Injection (CVE-2022-26186; CVE-2022-26188; CVE-2022-26189; CVE-2022-27411; CVE-2022-28905; CVE-2022-28906; CVE-2022-28907; CVE-2022-28908; CVE-2022-28909; CVE-2022-28910; CVE-2022-28911; CVE-2022-28912; CVE-2022-28913)
A command injection vulnerability exists in TOTOLINK N600R router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2022-28911
CVE-2022-28911 affects TOTOLink N600R (firmware v5.3c.7159_B20190425). A command injection is possible via the filename parameter in the /setting/CloudACMunualUpdate endpoint, enabling arbitrary command execution with network access (no user interaction) and high impact per CVSS (up to 9.8/CRITIC...