Totolink · Totolink A3300R · CVE-2023-46993
**Name of the Vulnerable Software and Affected Versions**
TOTOLINK A3300R version 17.0.0cu.557 B20221024
**Description**
The issue arises in the handling of the `setLedCfg` request: the `enable` parameter is not validated before use, which can lead to command injection.
**Recommendations**
For TOTOLINK A3300R version 17.0.0cu.557 B20221024, as a temporary workaround, consider disabling the `setLedCfg` request until a patch is available. Restrict access to the `enable` parameter in the `setLedCfg` request to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
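One way to restrict the `enable` parameter in front of an unpatched device is an exact-match allow-list applied to each request body at a filtering proxy. The sketch below is an added example, not vendor code or part of the original advisory. It assumes that requests are JSON objects, that the request name is carried in a field called `topicurl`, and that `"0"` and `"1"` are the only legitimate `enable` values; none of these details come from the advisory.

```python
import json

# Assumptions (not from the advisory): bodies are JSON objects, the request
# name travels in a "topicurl" field, and "0"/"1" are the only valid values.
HANDLER_FIELD = "topicurl"
ALLOWED_ENABLE = {"0", "1"}


def _reject_duplicates(pairs):
    # A repeated key can make this filter and the device read different values.
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate key")
    return dict(pairs)


def check_setledcfg(body):
    """Return (allow, reason) for one raw request body."""
    try:
        msg = json.loads(body, object_pairs_hook=_reject_duplicates)
    except (ValueError, TypeError):
        return False, "unparseable body or duplicate key"
    if not isinstance(msg, dict):
        return False, "body is not a JSON object"
    if msg.get(HANDLER_FIELD) != "setLedCfg":
        return True, "not a setLedCfg request"
    value = msg.get("enable")
    # Exact-match allow-list: no trimming, no coercion, no partial match.
    if not isinstance(value, str) or value not in ALLOWED_ENABLE:
        return False, "enable outside allow-list: %r" % (value,)
    return True, "enable is an allowed literal"


# Constructed sample bodies, not captured traffic.
SAMPLES = [
    '{"topicurl": "setLedCfg", "enable": "1"}',
    '{"topicurl": "setLedCfg", "enable": "1;PLACEHOLDER"}',
    '{"topicurl": "setLedCfg", "enable": "1\\n"}',
    '{"topicurl": "setLedCfg", "enable": 1}',
    '{"topicurl": "setLedCfg", "enable": "1;PLACEHOLDER", "enable": "1"}',
    '{"topicurl": "otherRequest", "enable": "x"}',
]


def blocked_indexes(samples):
    return [i for i, b in enumerate(samples) if not check_setledcfg(b)[0]]


if __name__ == "__main__":
    print(blocked_indexes(SAMPLES))
```

Blocked requests are worth logging with their source address, since any `enable` value other than the two literals has no legitimate use under these assumptions.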