Command Injection in TOTOLink N600R Router
CVE-2022-28906
9.8CRITICAL
What is CVE-2022-28906?
The TOTOLink N600R router has been identified to have a command injection vulnerability that can be exploited through the 'langtype' parameter in the '/setting/setLanguageCfg' endpoint. This flaw allows an attacker to send malicious input that could lead to the execution of arbitrary commands on the device. Addressing this vulnerability is crucial for maintaining the integrity and security of networked devices and preventing unauthorized access.
