Command Injection Vulnerability in TOTOLink N600R Router
CVE-2022-28909
9.8CRITICAL
What is CVE-2022-28909?
The TOTOLink N600R router has been found to contain a command injection vulnerability. This issue arises from improper validation of user input in the webwlanidx parameter when accessing the /setting/setWebWlanIdx endpoint. Exploiting this vulnerability could allow an attacker to execute arbitrary commands on the affected device, potentially compromising its security and functionality.
