CVE-2022-25075

Name of the Vulnerable Software and Affected Versions TOTOLink A3000RU version V5.9c.2280 B20180512

Description The issue is related to a command injection vulnerability in the "Main" function, which is caused by insufficient argument checking. This allows attackers to execute arbitrary commands via the QUERY STRING parameter.

Recommendations For TOTOLink A3000RU version V5.9c.2280 B20180512, consider disabling the Main function or restricting access to the QUERY STRING parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.