PT-2022-27149 · Totolink · Totolink Nr1800X

Published: 2022-11-23 · Updated: 2023-08-08 · CVE-2022-44250

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TOTOLINK NR1800X version 9.1.0u.6279 B20210910

Description

The issue concerns a command injection via the hostName parameter in the setOpModeCfg function. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations

For TOTOLINK NR1800X version 9.1.0u.6279 B20210910, consider restricting access to the setOpModeCfg function to minimize the risk of exploitation. Avoid using the hostName parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2022-44250

Affected Products

Totolink Nr1800X