Command Injection Vulnerability in TOTOlink A7100RU Product
CVE-2022-44844

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: A7100ru Firmware
Vendor: CVE Published:; 25 November 2022

Summary

The TOTOlink A7100RU router has a vulnerability that allows attackers to execute arbitrary commands through the manipulation of the 'pass' parameter in the setting/setOpenVpnCfg function. This exploit can potentially lead to unauthorized access and compromise the device's configuration settings, posing significant risks to network security. Users are urged to apply necessary updates or mitigate potential attacks by carefully managing access to their devices.

References

https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A71...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 25, 2022
Vulnerability Reserved
Nov 7, 2022