CVE-2022-44249 Information

Description

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.

Reference

https://brief-nymphea-813.notion.site/LR350-command-injection-UploadFirmwareFile-f006f70e9e6540529d262a8d34154d24