Jeeseensec

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X5000R version 9.1.0cu.2350 B20230313 **Description** The issue is related to a command injection vulnerability via the `setWanCfg` function. This vulnerability is associated with a lack of input data sanitization measures in the TOTOLINK X5000R router's firmware. Exploitation of this issue may allow a remote attacker to execute arbitrary code. **Recommendations** For TOTOLINK X5000R version 9.1.0cu.2350 B20230313, consider disabling the `setWanCfg` function as a temporary workaround until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.