CVE-2022-38828

Name of the Vulnerable Software and Affected Versions TOTOLINK T6 version 4.1.5cu.709 B20210518

Description The issue is related to command injection via the cstecgi.cgi endpoint. This allows for potential malicious commands to be executed. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For TOTOLINK T6 version 4.1.5cu.709 B20210518, consider disabling access to the cstecgi.cgi endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.