CVE-2022-44843: n/a in n/a
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.
AI Analysis
Technical Summary
CVE-2022-44843 is a critical command injection vulnerability identified in the TOTOlink A7100RU router firmware version V7.4cu.2313_B20191024. The flaw exists in the function setting/setOpenVpnClientCfg, specifically via the 'port' parameter. An attacker can exploit this vulnerability by sending crafted input to the port parameter, which is not properly sanitized, allowing arbitrary command execution on the underlying operating system. This vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command), indicating that the input is directly passed to a system shell without adequate validation or escaping. The CVSS v3.1 base score is 9.8, reflecting its critical severity with the following vector: Network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality (C:H), integrity (I:H), and availability (A:H). This means the vulnerability can be exploited remotely over the network without authentication or user interaction, leading to full system compromise. Although no known exploits are currently reported in the wild, the ease of exploitation and high impact make this a significant threat. The lack of vendor or product information beyond the router model limits detailed attribution, but the affected device is a consumer or small office/home office (SOHO) router, which is commonly deployed in various environments. The absence of patch links suggests that no official fix has been publicly released yet, increasing the urgency for mitigation.
Potential Impact
For European organizations, this vulnerability poses a severe risk, especially for those using TOTOlink A7100RU routers in their network infrastructure. Successful exploitation could allow attackers to execute arbitrary commands remotely, leading to full compromise of the router. This can result in interception or manipulation of network traffic, disruption of internet connectivity, and potential pivoting into internal networks. Confidentiality is at high risk as attackers could capture sensitive data passing through the router. Integrity and availability are also critically impacted, as attackers could alter configurations, inject malicious payloads, or cause denial of service. Given the router’s role as a gateway device, exploitation could undermine the security of connected systems and data. European organizations in sectors such as small and medium enterprises (SMEs), remote offices, or home workers relying on this router model are particularly vulnerable. The threat also extends to critical infrastructure and industrial environments if these devices are deployed there, potentially affecting operational continuity and safety.
Mitigation Recommendations
1. Immediate network segmentation: Isolate TOTOlink A7100RU routers from critical network segments to limit potential lateral movement if compromised.
2. Disable OpenVPN client functionality if not in use, as the vulnerability lies in the OpenVPN client configuration interface.
3. Monitor network traffic for unusual or unauthorized configuration requests targeting the router’s management interfaces.
4. Implement strict firewall rules to restrict access to router management ports from untrusted networks.
5. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or anomaly detection for command injection attempts targeting this router model.
6. Regularly audit and inventory network devices to identify any TOTOlink A7100RU routers and assess their firmware versions.
7. Engage with the vendor or community forums for any unofficial patches or workarounds until an official patch is released.
8. Consider replacing vulnerable devices with models from vendors with active security support if mitigation is not feasible.
9. Educate IT staff on this vulnerability to recognize exploitation signs and respond promptly.
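As an added illustration of the monitoring and IDS recommendations above (example code written here, not from the advisory or the vendor), the following Python allow-list check flags requests to the setting/setOpenVpnClientCfg handler whose port parameter is anything other than a decimal port number in 1..65535. The URL layout around the handler name, the "CLIENT METHOD TARGET [BODY]" log record format and the sample records are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Handler named in the advisory for CVE-2022-44843; the URL layout around it is assumed.
VULN_PATH = "setting/setOpenVpnClientCfg"
# A legitimate OpenVPN client port is only ever a short decimal number.
PORT_RE = re.compile(r"^[0-9]{1,5}$")

def port_value_is_clean(value: str) -> bool:
    """Allow-list check: strictly decimal digits and within 1..65535."""
    return bool(PORT_RE.match(value)) and 1 <= int(value) <= 65535

def inspect_request(target: str, body: str = ""):
    """Return a reason string if the request sends a non-numeric port to the handler, else None."""
    parts = urlsplit(target)
    if VULN_PATH not in parts.path:
        return None
    # Parameters may arrive in the query string (GET) or the form body (POST).
    params = parse_qs(parts.query, keep_blank_values=True)
    if body:
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    for value in params.get("port", []):
        if not port_value_is_clean(value):
            return f"non-numeric port parameter {value!r} sent to {VULN_PATH}"
    return None

def scan_log(lines):
    """Parse 'CLIENT METHOD TARGET [BODY]' records; return (client, reason) for each failing request."""
    hits = []
    for line in lines:
        fields = line.split(" ", 3)
        if len(fields) < 3:
            continue
        client, target = fields[0], fields[2]
        body = fields[3] if len(fields) == 4 else ""
        reason = inspect_request(target, body)
        if reason:
            hits.append((client, reason))
    return hits

# Constructed sample records, not real traffic: a benign change, a request carrying a
# shell metacharacter in the port value, and an unrelated page fetch.
SAMPLE_LOG = [
    "192.0.2.10 POST /setting/setOpenVpnClientCfg port=1194&proto=udp",
    "192.0.2.44 POST /setting/setOpenVpnClientCfg port=1194%3Becho+x",
    "192.0.2.10 GET /index.html",
]
```

Calling scan_log(SAMPLE_LOG) flags only the second record, after percent-decoding reveals the semicolon in the port value; the benign change and the unrelated request pass. A positive allow-list on the parameter is more robust than a blocklist of metacharacters, since the legitimate value space is tiny.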
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-11-07T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d983cc4522896dcbeeea2
Added to database: 5/21/2025, 9:09:16 AM
Last enriched: 6/22/2025, 10:36:27 AM
Last updated: 2/7/2026, 12:58:58 PM