Command Injection Vulnerability in TOTOLINK NR1800X
CVE-2022-44249
9.8CRITICAL
What is CVE-2022-44249?
The TOTOLINK NR1800X, specifically in version V9.1.0u.6279_B20210910, is susceptible to a command injection vulnerability. This defect occurs through the FileName parameter within the UploadFirmwareFile function, allowing unauthorized commands to be executed. Exploitation of this vulnerability could enable an attacker to gain control over the affected system, emphasizing the need for immediate updates and validation of input parameters.