CVE-2022-25077

Name of the Vulnerable Software and Affected Versions TOTOLink A3100R version 4.1.2cu.5050 B20200504

Description The issue is related to a command injection vulnerability in the "Main" function, which is caused by a lack of input data sanitization. This allows attackers to execute arbitrary commands via the QUERY STRING parameter.

Recommendations For TOTOLink A3100R version 4.1.2cu.5050 B20200504, consider restricting access to the "Main" function to minimize the risk of exploitation. Avoid using the QUERY STRING parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.