CVE-2026-3301

Totolink · N300RH

A remote OS command injection vulnerability exists in the Totolink N300RH Web Management Interface due to improper handling of the webWlanIdx parameter.

Executive summary

A critical command injection vulnerability in the Totolink N300RH router allows remote attackers to execute arbitrary OS commands and gain full control of the device.

Vulnerability

The vulnerability exists in the setWebWlanIdx function within /cgi-bin/cstecgi.cgi. By manipulating the webWlanIdx argument, a remote, unauthenticated attacker can trigger an OS command injection flaw.

Business impact

Compromise of edge networking equipment such as the N300RH can lead to traffic interception, DNS poisoning, and unauthorized access to the internal network. Attackers can use the device as a persistent foothold for further attacks or enlist it in a botnet. The CVSS score of 9.8 and the availability of a public exploit significantly elevate the risk profile.

Remediation

Immediate Action: Apply the latest firmware update provided by Totolink or replace the device if it has reached End-of-Life (EOL) and no patch is available.

Proactive Monitoring: Monitor network traffic for unusual outbound connections from the router and check for unauthorized changes to the router's configuration.

Compensating Controls: Disable the Web Management Interface on the WAN side and restrict LAN-side access to trusted administrative IP addresses only.
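
To support the monitoring step above, the following added example (not code from Totolink or from this advisory) flags requests to /cgi-bin/cstecgi.cgi whose webWlanIdx value is not a plain index. It assumes a proxy or IDS in front of the management interface that logs requests as JSON lines with hypothetical src, path and body fields, that bodies are JSON or form-encoded, and that a legitimate value is a small decimal number.

```python
import json
import re
from urllib.parse import parse_qs

CGI_PATH = "/cgi-bin/cstecgi.cgi"    # endpoint named in the advisory
PARAM = "webWlanIdx"                 # parameter named in the advisory
SAFE_VALUE = re.compile(r"\d{1,2}")  # assumption: a valid value is a small decimal index

def extract_values(body):
    """Return every webWlanIdx value found in a JSON or form-encoded body."""
    try:
        doc = json.loads(body)
        if isinstance(doc, dict) and PARAM in doc:
            return [str(doc[PARAM])]
    except ValueError:
        pass  # not JSON; fall through to form decoding
    return parse_qs(body, keep_blank_values=True).get(PARAM, [])

def classify(record):
    """Return a reason string for a suspicious request, or None otherwise."""
    if record.get("path", "").split("?", 1)[0] != CGI_PATH:
        return None
    body = record.get("body", "")
    values = extract_values(body)
    if not values:
        # Truncated or malformed bodies that still name the parameter deserve a look.
        return f"unparseable body mentions {PARAM}" if PARAM in body else None
    bad = [v for v in values if not SAFE_VALUE.fullmatch(v)]
    return f"non-numeric {PARAM}: {bad[0]!r}" if bad else None

def scan(lines):
    """Scan JSON-lines request records and return (source, reason) alerts."""
    records = [json.loads(line) for line in lines]
    return [(r.get("src"), classify(r)) for r in records if classify(r)]

# Constructed sample records (documentation addresses, placeholder payload).
SAMPLE_LOG = [json.dumps(r) for r in (
    {"src": "192.0.2.10", "path": CGI_PATH, "body": '{"webWlanIdx": "0"}'},
    {"src": "203.0.113.7", "path": CGI_PATH, "body": '{"webWlanIdx": "0;<placeholder>"}'},
    {"src": "192.0.2.10", "path": CGI_PATH, "body": "webWlanIdx=1"},
    {"src": "198.51.100.4", "path": CGI_PATH, "body": '{"webWlanIdx": '},
    {"src": "192.0.2.10", "path": "/index.html", "body": ""},
)]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Because the check is an allowlist on the value rather than a list of known bad strings, it does not depend on the shape of any particular exploit; adjust SAFE_VALUE if the device legitimately sends other values.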

Exploitation status

Public Exploit Available: Yes

Analyst recommendation

Due to the availability of a public exploit and the critical nature of remote command execution, this vulnerability must be addressed immediately. Administrators should assume any device exposed to the internet is already at risk and should prioritize firmware updates or hardware replacement.