A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters.
https://www.totolink.net/home/menu/newstpl/menu_newstpl/products/id/170.html
https://drive.google.com/file/d/1_9ru2GRZ13T1KQKXPq2E14-opgf9ih45/view?usp=sharing