CVE-2022-25082

Name of the Vulnerable Software and Affected Versions TOTOLink A950RG versions V4.1.2cu.5204 B20210112 through V5.9c.4050 B20190424

Description The issue is related to the "Main" function of the TOTOLink A950RG router's firmware, which lacks input data sanitization. This allows a remote attacker to execute arbitrary commands via the QUERY STRING parameter.

Recommendations For TOTOLink A950RG version V4.1.2cu.5204 B20210112, consider disabling the "Main" function until a patch is available. For TOTOLink A950RG version V5.9c.4050 B20190424, restrict access to the QUERY STRING parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.