TOTOLINK A3300R setWanCfg Method Command Injection Vulnerability
The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R version V17.0.0cu.557B20221024, which stems from the hostName parameter of the setWanCfg method failing to correctly filter the construct command specia...