CVE-2021-45738

Name of the Vulnerable Software and Affected Versions TOTOLINK X5000R version 9.1.0u.6118 B20201102

Description A command injection issue was found in the UploadFirmwareFile function, allowing attackers to execute arbitrary commands via the FileName parameter.

Recommendations For TOTOLINK X5000R version 9.1.0u.6118 B20201102, as a temporary workaround, consider disabling the UploadFirmwareFile function until a patch is available. Avoid using the FileName parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.