TOTOLINK CP900 setUpgradeUboot Function Command Injection Vulnerability

The TOTOLINK CP900 is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK CP900 suffers from a command injection vulnerability that stems from the setUpgradeUboot function failing to properly filter constructor command special characters, commands, etc. No detailed vulnerabilit...