{ "Name": "TotoLink FileName RCE(CVE-2022-26210)", "Description": "
TotoLink A800R, A810R, A830R, A950RG, A3000RU and A3100R and other routers are all products of TotoLink Company in Taiwan, China.
The FileName parameter of various TotoLink routers contains a command injection vulnerability in the function setUpgradeFW. This vulnerability allows an attacker to execute arbitrary commands with a crafted request.
The FileName parameter of various TotoLink routers contains a command injection vulnerability in the function setUpgradeFW. This vulnerability allows an attacker to execute arbitrary commands with a crafted request.
At present, the manufacturer has released an upgrade patch to fix the vulnerability. For details, please pay attention to the manufacturer's homepage: https://www.totolink.net/
TotoLink A800R、A810R、A830R、A950RG、A3000RU 和 A3100R等多款路由器是都是中国台湾吉翁电子(TotoLink)公司的产品。
TotoLink 多款路由器FileName 参数在函数 setUpgradeFW 中包含命令注入漏洞。此漏洞允许攻击者通过精心制作的请求执行任意命令。
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页:https://www.totolink.net/
TotoLink 多款路由器FileName 参数在函数 setUpgradeFW 中包含命令注入漏洞。此漏洞允许攻击者通过精心制作的请求执行任意命令。
TotoLink A800R, A810R, A830R, A950RG, A3000RU and A3100R and other routers are all products of TotoLink Company in Taiwan, China.
The FileName parameter of various TotoLink routers contains a command injection vulnerability in the function setUpgradeFW. This vulnerability allows an attacker to execute arbitrary commands with a crafted request.
At present, the manufacturer has released an upgrade patch to fix the vulnerability. For details, please pay attention to the manufacturer's homepage: https://www.totolink.net/
The FileName parameter of various TotoLink routers contains a command injection vulnerability in the function setUpgradeFW. This vulnerability allows an attacker to execute arbitrary commands with a crafted request.