TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.
References
Link | Resource |
---|---|
https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/N600R/9 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2022-05-10 07:15
Updated : 2022-05-16 10:15
NVD link : CVE-2022-28910
Mitre link : CVE-2022-28910
JSON object : View
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Products Affected
totolink
- n600r_firmware
- n600r