Command Injection Vulnerability in TOTOLink N600R Router from TOTOLink
CVE-2022-28910
9.8CRITICAL
What is CVE-2022-28910?
The TOTOLink N600R router has a command injection vulnerability that allows local attackers to execute arbitrary commands on the system through the devicename parameter in the /setting/setDeviceName API endpoint. This flaw can be exploited by sending specially crafted requests to the affected device, potentially leading to security breaches and unauthorized access to sensitive router configurations.
