TOTOLINK T6 sub_421504 Function Command Injection Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics TOTOLINK that supports MQTT protocol and Telnet service. The TOTOLINK T6 suffers from a command injection vulnerability that stems from the sub421504 function in cstecgi.cgi failing to properly filter construct command...