PT-2022-27151 · Totolink · Totolink Nr1800X

Published: 2022-11-23 · Updated: 2023-08-08 · CVE-2022-44252

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TOTOLINK NR1800X version 9.1.0u.6279 B20210910

Description

The issue is a command injection via the FileName parameter in the setUploadSetting function, which could allow malicious commands to be executed. No information is provided about the estimated number of potentially affected devices worldwide or about real-world incidents in which this issue was exploited.

Recommendations

For TOTOLINK NR1800X version 9.1.0u.6279 B20210910, to prevent exploitation via the FileName parameter, consider disabling the setUploadSetting function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2022-44252

Affected Products

Totolink Nr1800X