CVE-2021-46007

Name of the Vulnerable Software and Affected Versions totolink a3100r version V5.9c.4577

Description The issue concerns an os command injection vulnerability. It occurs because the backend of a page executes the ping command, and the input field does not properly filter special symbols, leading to potential command injection attacks.

Recommendations For totolink a3100r version V5.9c.4577, consider restricting access to the vulnerable page or input field until a proper fix is available. As a temporary workaround, avoid using special symbols in the input field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.