CVE-2022-25080

Name of the Vulnerable Software and Affected Versions TOTOLink A830R version V5.9c.4729 B20191112

Description The issue is related to the lack of input data sanitization in the "Main" function of the TOTOLink A830R router's firmware. This allows a remote attacker to execute arbitrary commands through the QUERY STRING parameter.

Recommendations For TOTOLink A830R version V5.9c.4729 B20191112, consider restricting access to the "Main" function until a patch is available, and avoid using the QUERY STRING parameter in the affected API endpoint to minimize the risk of exploitation.