PT-2022-24112 · Totolink · Totolink A860R

Published 2022-09-06 · Updated 2023-08-08 · CVE-2022-37843

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: TOTOLINK A860R version 4.1.2cu.5182 B20201027
Description: The vulnerability arises because parameters received by the cstecgi.cgi component of the affected software are executed by the system directly, without proper filtering, which allows command injection.

Recommendations: For TOTOLINK A860R version 4.1.2cu.5182 B20201027, consider disabling the execution of parameters in the cstecgi.cgi component until a patch is available, and restrict access to the cstecgi.cgi module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
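As an added illustration (not code from this advisory or from the TOTOLINK firmware), the flaw class described above is a CGI handler that concatenates a request parameter into a shell command string and runs it. The hypothetical handler below shows the hardened alternative: validate the parameter against a strict allowlist, then pass it to execv as a single argv element so no shell ever interprets it. The ping command, the parameter and the hostname character set are assumptions for the example.

```c
#include <ctype.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Allowlist check for a hostname/IPv4 parameter (assumed shape for this
 * example): only alphanumerics, '.' and '-', with a length cap. Shell
 * metacharacters such as ';', '|', '`', '$' and whitespace never pass. */
int param_is_safe(const char *value, size_t max_len) {
    size_t n = strlen(value);
    if (n == 0 || n > max_len) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)value[i];
        if (!(isalnum(c) || c == '.' || c == '-')) return 0;
    }
    return 1;
}

/* Hardened pattern, in contrast to building "ping -c 1 <value>" as one
 * string and calling system() on it: validate first, then hand the value
 * to execv as exactly one argument of the intended program. Returns the
 * child's exit status, or -1 if the parameter is rejected or exec fails. */
int run_ping(const char *host) {
    if (!param_is_safe(host, 253)) return -1;   /* reject before any exec */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = {"/bin/ping", "-c", "1", (char *)host, NULL};
        execv(argv[0], argv);                   /* no shell involved */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

A rejected value is logged and refused rather than "cleaned", which is the behaviour a defender wants when a request carries metacharacters in a field that should only ever hold a host.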

Related Identifiers

CVE-2022-37843

Affected Products

Totolink A860R