PT-2022-18827 · Robustel · Robustel R1510

Francesco Benvenuto · Published 2022-06-30 · Updated 2023-07-12 · CVE-2022-28127

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Robustel R1510 version 3.3.0

Description: A data removal issue exists in the /action/remove/ API functionality of the web server. An attacker can send a sequence of specially crafted network requests to trigger the issue, potentially leading to arbitrary file deletion.

Recommendations: For Robustel R1510 version 3.3.0, consider disabling the /action/remove/ API endpoint until a patch is available, to prevent arbitrary file deletion. Restrict access to this endpoint to minimize the risk of exploitation, and avoid using the affected functionality until the issue is resolved.

Exploit

Fix

Path traversal

RCE

Weakness Enumeration

Related Identifiers: CVE-2022-28127

Affected Products: Robustel R1510