CVE-2022-37076
Totolink A7000R devices running V9.1.0u.6115_B20201022 are affected by a command-injection vulnerability in the UploadFirmwareFile function, exploitable via the FileName parameter. According to multiple sources (NVD, Red Hat advisory, CNNVD, PT-Research), the flaw is a local issue with high impac...