Luanruy

**Name of the Vulnerable Software and Affected Versions** TOTOLINK N600R version 4.3.0cu.7647 B20210106 **Description** The TOTOLINK N600R router firmware contains a command injection vulnerability. This issue is located in the `setWiFiWpsConfig` function and is triggered through the `pin` parameter. **Recommendations** TOTOLINK N600R version 4.3.0cu.7647 B20210106: As a temporary workaround, consider disabling the WPS functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK N600R version 4.3.0cu.7866 B2022506 **Description** A Buffer Overflow issue allows a remote attacker to execute arbitrary code via the `UPLOAD FILENAME` component. This enables remote code execution. **Recommendations** For TOTOLINK N600R version 4.3.0cu.7866 B2022506, as a temporary workaround, consider restricting access to the `UPLOAD FILENAME` component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.