CVE advisoryCRITICAL
CVE-2021-44620
TOTOLINK A3100R Command Injection Vulnerability
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
A command injection vulnerability exists in TOTOLINK routers, allowing unauthenticated remote attackers to execute arbitrary commands through the `hosTime` parameter in `adm/ntm.asp`. This could potentially lead to device compromise and impact network operations. The main concern is confirming relevance and exposure.