T10 V2 Firmware Security Vulnerabilities - February 2022

CVE-2022-25081

TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.