CVE-2022-25076

Name of the Vulnerable Software and Affected Versions TOTOLink A800R version 4.1.2cu.5137 B20200730

Description The issue is related to a command injection vulnerability in the "Main" function of the TOTOLink A800R router's firmware. This vulnerability is caused by the lack of input data sanitization, allowing attackers to execute arbitrary commands via the QUERY STRING parameter.

Recommendations For TOTOLink A800R version 4.1.2cu.5137 B20200730, consider disabling the "Main" function until a patch is available to prevent exploitation of the command injection vulnerability. Restrict access to the QUERY STRING parameter to minimize the risk of arbitrary command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.