Vulnerability found in A1 treadmill.

Internal ID.
KS-2024-223

Release date.
2024-01-19

End date.
2024-01-19

Update date.
2024-01-19

Detailed description

A vulnerability has been discovered in the management interface that may allow command injection because input parameters are not properly filtered. The flaw is due to insufficient sanitization of user-provided data passed to certain interfaces in the web management panel of the router. An attacker who can log in to the panel can exploit this vulnerability by sending carefully crafted parameter values, resulting in arbitrary code execution.

Revision

Created on November 29, 2021
Modified fix plan on August 29, 2022
Modified impact and description on September 1, 2022
Modified impact and description on April 13, 2023

Disclaimer

KingSmith welcomes security experts and research teams to join our vulnerability disclosure program. KingSmith is committed to taking responsibility for the security of our global users, allowing them to enjoy a secure and reliable smart life.
KingSmith makes no warranty or guarantee of any kind, express or implied, for the security vulnerabilities disclosed on this page, including warranties of merchantability, fitness for a particular purpose, or non-infringement. You understand that the vulnerability disclosure information is provided for reference purposes only, to assess security risks and make appropriate decisions. In no case shall KingSmith be liable for any damages arising from your use of this document, including direct, indirect, incidental, or consequential damages, loss of business profits, or special damages.