PT-2022-6527 · Totolink · Totolink A7000R, Totolink X5000R

Published: 2022-03-15 · Updated: 2024-09-12 · CVE-2022-27003

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Totolink routers X5000R version 9.1.0u.6118 B20201102
Totolink routers A7000R version 9.1.0u.6115 B20201022

Description

The issue is related to a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This allows attackers to execute arbitrary commands via a crafted request, potentially enabling remote execution of arbitrary code.

Recommendations

For Totolink routers X5000R version 9.1.0u.6118 B20201102, consider disabling the Tunnel 6rd function until a patch is available. For Totolink routers A7000R version 9.1.0u.6115 B20201022, restrict access to the relay6rd parameter in the Tunnel 6rd function to minimize the risk of exploitation.

Weakness Enumeration

OS Command Injection
Command Injection

Related Identifiers

BDU:2023-02026
CVE-2022-27003

Affected Products

Totolink A7000R
Totolink X5000R