TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function.Referenceshttps://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_9_action_passwd/README.md