Command Injection Vulnerability in Totolink A830R Router
CVE-2022-48069

7.5HIGH

Key Information:

Vendor: Totolink
Status: A830r Firmware
Vendor: CVE Published:; 27 January 2023

Summary

The Totolink A830R router, specifically version V4.1.2cu.5182, is susceptible to a command injection vulnerability through the QUERY_STRING parameter. This flaw allows an attacker to execute arbitrary commands on the device, potentially leading to unauthorized access and manipulation of the router's settings. Remediation steps should be taken to secure the device and mitigate risks associated with this vulnerability.

References

https://befitting-vinca-933.notion.site/Totolink-A830R-V4...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2023
Vulnerability Reserved
Dec 29, 2022