The vulnerability of the setNoticeCfg() function in the TOTOLink A950RG router’s microprogramming software allows a intruder to execute arbitrary commands and gain full control over the device.
The vulnerability of the setNoticeCfg function in the TOTOLink A950RG router’s microprogramming software lies in the lack of measures taken to clean up data at the control level when processing the IpTo parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...