PT-2022-6283 · Totolink · Totolink A7100Ru

Am1Ngl · Published 2022-12-18 · Updated 2025-04-04 · CVE-2022-47853

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version 7.4cu.2313 B20191024

Description: The httpd service in the firmware of the TOTOlink A7100RU router contains a command injection vulnerability. Because special elements in request data are not properly sanitized, a remote attacker can send a specially constructed payload to execute arbitrary commands, potentially obtaining a stable root shell on the device.

Recommendations: For TOTOlink A7100RU version 7.4cu.2313 B20191024, consider disabling the httpd service until a patch is available to prevent exploitation of the command injection vulnerability. Restrict access to the router's web interface to minimize the risk of exploitation. Avoid using the router's web interface for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Special Elements Injection; OS Command Injection; Command Injection

Related Identifiers: BDU:2023-00737; CVE-2022-47853

Affected Products: Totolink A7100Ru