CVE-2022-25083

Name of the Vulnerable Software and Affected Versions TOTOLink A860R version V4.1.2cu.5182 B20201027

Description The issue is related to a command injection vulnerability in the "Main" function of the TOTOLink A860R router's firmware. This vulnerability is caused by the lack of input data sanitization, allowing attackers to execute arbitrary commands via the QUERY STRING parameter.

Recommendations For TOTOLink A860R version V4.1.2cu.5182 B20201027, as a temporary workaround, consider restricting access to the "Main" function or sanitizing the QUERY STRING parameter to prevent command injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.