CVE-2021-45742

Name of the Vulnerable Software and Affected Versions TOTOLINK A720R version 4.1.5cu.470 B20200911

Description The issue allows attackers to execute arbitrary commands via the QUERY STRING parameter in the "Main" function. This is a command injection vulnerability.

Recommendations For TOTOLINK A720R version 4.1.5cu.470 B20200911, consider restricting access to the "Main" function to minimize the risk of exploitation. Avoid using the QUERY STRING parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.