CVE-2022-28906

Name of the Vulnerable Software and Affected Versions TOTOLink N600R version V5.3c.7159 B20190425

Description A command injection issue was discovered via the langtype parameter in the "/setting/setLanguageCfg" API endpoint. This allows for potential command execution. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations For TOTOLink N600R version V5.3c.7159 B20190425, consider restricting access to the "/setting/setLanguageCfg" API endpoint to minimize the risk of exploitation. Avoid using the langtype parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.