PT-2022-18408 · Totolink · Totolink N600R
Published: 2022-05-05 · Updated: 2023-08-08
CVE-2022-27411
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
TOTOLINK N600R version 5.3c.5507 B20171031
Description
A command injection issue was discovered via the QUERY STRING parameter in the Main function. This allows for potential exploitation.
Recommendations
For TOTOLINK N600R version 5.3c.5507 B20171031, consider restricting access to the Main function to minimize the risk of exploitation until a patch is available. Avoid using the QUERY STRING parameter in the affected function until the issue is resolved.
Exploit
Fix
Related Identifiers
Affected Products
Totolink N600R