This indicates an attack attempt to exploit a Command Injection Vulnerability in TOTOLINK routers.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. An unauthenticated remote attacker may be able to exploit this to execute arbitrary commands within the context of the application.

affected-products-logoAffected Products

TOTOLink A3000RU V5.9c.2280_B20180512
TOTOLink T6 V5.9c.4085_B20190428
TOTOLink A860R V4.1.2cu.5182_B20201027
TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112
TOTOLink T10 V5.9c.5061_B20200511
TOTOLink A830R V5.9c.4729_B20191112
TOTOLink A810R V4.1.2cu.5182_B20201026
TOTOLink A3600R V4.1.2cu.5182_B20201102
TOTOLink A3100R V4.1.2cu.5050_B20200504
TOTOLink A800R V4.1.2cu.5137_B20200730
TOTOLink A810R V5.9c.4050_B20190424

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor supplied patch for this issue.

Telemetry logoTelemetry


IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2022-06-01 21.328 Default_action:pass:drop
2022-05-10 20.312