Command Injection Vulnerability in Totolink Router Models
CVE-2021-44247

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: A720r Firmware
Vendor: CVE Published:; 4 February 2022

Summary

Certain Totolink router models, specifically A3100R, A830R, and A720R, exhibit a command injection flaw in the setNoticeCfg function. This vulnerability allows attackers to exploit the IpFrom parameter, potentially executing arbitrary commands on the affected devices. This can lead to unauthorized access and compromise the integrity of the network, highlighting the need for timely patching and robust security practices to safeguard against such vulnerabilities.

References

https://github.com/pjqwudi/my_vuln/blob/main/totolink/vul...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2022
Vulnerability Reserved
Nov 29, 2021