Command Injection Vulnerability in TOTOLINK A6000R Router
CVE-2024-57213
Currently unrated
Summary
The TOTOLINK A6000R router is vulnerable to a command injection flaw that arises from improper handling of the newpasswd parameter within the action_passwd function. This vulnerability enables attackers to execute arbitrary commands on the device, potentially leading to a full compromise of the router's functionality and security. To mitigate this risk, users are advised to update to the latest firmware version and implement secure password practices.