Command Injection Vulnerability in TOTOlink A7100RU Firmware
CVE-2022-48125
9.8 CRITICAL
What is CVE-2022-48125?
A command injection vulnerability was identified in the TOTOlink A7100RU router firmware, specifically within the setting/setOpenVpnCertGenerationCfg function. Due to insufficient validation of the password parameter, an attacker can execute arbitrary commands on the device. This flaw poses a significant risk, as it could allow unauthorized users to manipulate device operations, potentially leading to data breaches and unauthorized access to network resources.
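The missing control, shown as an added example (not code from the TOTOlink firmware): an allow-list check on the password value, followed by building an argument vector so the value is never parsed by a shell. The helper path, the `--passphrase` flag, the length limit and the function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PW_MAX 64
/* Hypothetical helper path; not taken from the firmware. */
#define CERT_TOOL "/usr/sbin/certgen-helper"

/* Allow-list: 1..PW_MAX bytes, ASCII letters, digits and "_-.@+" only.
 * Anything a shell could interpret (space, ;, |, &, $, `, quotes) fails. */
int password_is_safe(const char *pw)
{
    static const char extra[] = "_-.@+";
    size_t n = pw ? strlen(pw) : 0;

    if (n == 0 || n > PW_MAX)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)pw[i];
        if (!isalnum(c) && strchr(extra, c) == NULL)
            return 0;
    }
    return 1;
}

/* Build an argv[] suitable for execv(): the password travels as one
 * argument and is never concatenated into a command string.
 * Returns the argument count, or -1 if the value is rejected. */
int build_certgen_argv(const char *pw, const char *argv[], size_t cap)
{
    if (cap < 4 || !password_is_safe(pw))
        return -1;
    argv[0] = CERT_TOOL;
    argv[1] = "--passphrase";   /* hypothetical flag */
    argv[2] = pw;
    argv[3] = NULL;
    return 3;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "Str0ng-Pass_1", "abc;id", "a b", "" };
    const char *argv[4];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s -> %s\n", samples[i],
               build_certgen_argv(samples[i], argv, 4) < 0 ? "rejected" : "accepted");
    return 0;
}
```

Passing a secret in argv exposes it to other local processes; a production handler would hand it to the child over stdin or a pipe, keeping the same validation.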