Beastmode Powered With Newly Added Exploits

The newly added exploits

• Researchers from Fortinet analyzed a recent version of Beastmode to discover newly added flaws targeting TOTOLINK devices, which have been delineated below.
• CVE-2022-26210: A command injection vulnerability allowing execution of arbitrary commands and affecting TOTOLINK A800R, A810R, A830R, A950RG, A3000RU, and A3100R routers.
• CVE-2022-26186: A command injection vulnerability, exploited through export0vpn interface at cstecgi[.]cgi. This vulnerability affects TOTOLINK N600R and A7100RU routers.
• CVE-2022-25075 to 25084 is a set of severity vulnerabilities that allow the execution of arbitrary commands and affect TOTOLINK A810R, A830R, A860R, A950RG, A3100R, A3600R, T6, and T10 routers.

More exploits for different routers

• CVE-2021-45382: A remote code execution flaw affecting D-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L.
• CVE-2021-4045: An unauthenticated remote code execution flaw affecting TP-Link Tapo C200 IP camera.
• CVE-2017-17215: An unauthenticated remote code execution flaw affecting Huawei HG532
• CVE-2016-5674: A remote arbitrary PHP code execution via log parameter, affecting Netgear ReadyNAS product line.

What to do?