Command Injection Vulnerability in TOTOLINK A6000R Router
CVE-2024-57214

Currently unrated

Key Information:

Vendor
TOTOLINK
CVE Published:
10 January 2025

Summary

The TOTOLINK A6000R router, version V1.0.1-B20201211.2000, is vulnerable to command injection in the reset_wifi function. The flaw arises from improper handling of the devname parameter, which could allow an attacker to execute arbitrary commands on the device. Exploiting this vulnerability could compromise the router's integrity, potentially leading to unauthorized access to and control over the network. Users of the affected version are advised to monitor their configurations and apply necessary safeguards to protect their devices.

Timeline

  • Vulnerability published
