CVE-2022-26213

Name of the Vulnerable Software and Affected Versions Totolink X5000R Firmware version 9.1.0u.6118 B20201102

Description The issue is related to a command injection vulnerability in the setNtpCfg function, specifically via the tz parameters. This allows attackers to execute arbitrary commands by sending a crafted request.

Recommendations For Totolink X5000R Firmware version 9.1.0u.6118 B20201102, consider disabling the setNtpCfg function until a patch is available to prevent exploitation. Restrict access to the tz parameters in the affected function to minimize the risk of command injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.