CVE-2022-25079

Name of the Vulnerable Software and Affected Versions TOTOLink A810R version 4.1.2cu.5182 B20201026

Description The issue is related to a command injection vulnerability in the "Main" function of the TOTOLink A810R router's firmware. This vulnerability is caused by the lack of input data sanitization. It allows remote attackers to execute arbitrary commands via the QUERY STRING parameter.

Recommendations For TOTOLink A810R version 4.1.2cu.5182 B20201026, as a temporary workaround, consider restricting access to the "Main" function until a patch is available. Avoid using the QUERY STRING parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.