Command Injection Vulnerability in TOTOLink N600R Router
CVE-2022-28905
9.8CRITICAL
What is CVE-2022-28905?
The TOTOLink N600R router has been found to be susceptible to a command injection vulnerability. Specifically, the vulnerability occurs through the 'devicemac' parameter in the '/setting/setDeviceName' endpoint. Attackers can exploit this flaw to execute arbitrary commands on the device, potentially compromising the security and functionality of the router. This vulnerability highlights the necessity for robust input validation mechanisms in network devices to prevent unauthorized access and control.
