Totolink · Totolink X6000R · CVE-2024-37626
**Name of the Vulnerable Software and Affected Versions**
TOTOLINK A6000R version 1.0.1-B20201211.2000
**Description**
A command injection issue allows a remote attacker to execute arbitrary code via the `iface` parameter in the `vif enable` function. This enables the attacker to inject and execute commands, potentially leading to unauthorized access or control of the system.
**Recommendations**
For TOTOLINK A6000R version 1.0.1-B20201211.2000, consider disabling the `vif enable` function until a patch is available to prevent exploitation of the command injection issue. Restrict access to the `iface` parameter to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
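
The flaw described above is a request value reaching a command line unchecked. One way firmware code can close that path, shown as an added example that is not TOTOLINK's code: allowlist the interface name, then run the tool without a shell. The names `iface_is_valid` and `run_iface_tool`, and the `tool <iface> <action>` argument layout, are hypothetical.

```c
#include <stddef.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define IFACE_MAX 15  /* Linux IFNAMSIZ (16) minus the terminating NUL */

/* Return 1 only if `s` is a plausible interface name: 1..15 characters from
 * [A-Za-z0-9._-], no leading '-' (would parse as an option), not "." or "..".
 * Shell metacharacters, whitespace and '/' fail because they are not listed. */
int iface_is_valid(const char *s)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
    size_t n;

    if (s == NULL || s[0] == '-')
        return 0;
    n = strlen(s);
    if (n == 0 || n > IFACE_MAX)
        return 0;
    if (strcmp(s, ".") == 0 || strcmp(s, "..") == 0)
        return 0;
    return strspn(s, ok) == n;
}

/* Hypothetical helper: run `tool <iface> <action>` without a shell.
 * Arguments are passed to execv() as an argv array, so a value is always one
 * argument and is never interpreted as shell syntax. Returns the tool's exit
 * status, or -1 if the name is rejected or the process could not be run. */
int run_iface_tool(const char *tool, const char *iface, const char *action)
{
    pid_t pid;
    int status;

    if (!iface_is_valid(iface))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)tool, (char *)iface, (char *)action, NULL };
        execv(tool, argv);
        _exit(127);  /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

The validation and the shell-free `execv()` call are independent layers: either one alone blocks metacharacter injection, and keeping both means a later change to one does not reopen the bug.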