TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter.
https://github.com/n0wstr/IOTVuln/tree/main/CP450/CloudACMunualUpdate_injection