TOTOLINK CPE CP900 setUploadUserData Function Command Injection Vulnerability

TOTOLINK CPE CP900 is an outdoor wireless CPE device from China Gion Electronics TOTOLINK. The TOTOLINK CPE CP900 suffers from a command injection vulnerability that stems from the setUploadUserData function failing to properly filter construct command special characters, commands, etc. No detail...