CVE-2026-5854

Totolink · A7100RU

The Totolink A7100RU is susceptible to remote OS command injection via the setWiFiEasyCfg function, specifically through the merge argument in the CGI handler.

Executive summary

A critical OS command injection vulnerability in Totolink A7100RU routers allows remote, unauthenticated attackers to execute arbitrary code.

Vulnerability

This is an OS command injection vulnerability in the setWiFiEasyCfg function of the CGI handler: the merge argument is not properly sanitized, which allows remote unauthenticated attackers to execute commands.

Business impact

With a CVSS score of 9.8, this flaw lets an attacker gain complete control over the device, leading to significant security risks including data theft, network interception, and further compromise of the local environment.

Remediation

Immediate Action: Deploy the latest firmware update provided by Totolink to remediate the vulnerability.

Proactive Monitoring: Monitor logs for unauthorized configuration changes or attempts to interact with the CGI handler.

Compensating Controls: Block external access to the device’s administrative CGI endpoints using firewall rules.
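
For the Proactive Monitoring item above, one way to triage captured requests (an added example, not code from Totolink or from this advisory): flag setWiFiEasyCfg requests whose merge value contains shell metacharacters. The log layout (one JSON object per line with "src" and the raw request "body") and the "action" field in the sample bodies are assumptions; adapt them to whatever your proxy or IDS records.

```python
import json
import re
from urllib.parse import parse_qs

HANDLER = "setWiFiEasyCfg"  # function named in the advisory
PARAM = "merge"             # argument named in the advisory
SHELL_META = re.compile(r"[;&|`$<>\n\r\\(){}]")  # shell separators/substitutions

def extract_param(body, name):
    """Return every scalar value of `name` in a JSON or form-encoded body."""
    try:
        doc = json.loads(body)
    except ValueError:
        return parse_qs(body, keep_blank_values=True).get(name, [])  # undoes %XX
    found, stack = [], [doc]
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            for key, val in node.items():
                if key == name and not isinstance(val, (dict, list)):
                    found.append(str(val))
                else:
                    stack.append(val)
        elif isinstance(node, list):
            stack.extend(node)
    return found

def scan(lines):
    """Return (src, value) for handler requests whose merge value looks injected."""
    hits = []
    for line in lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # skip lines that are not JSON records
        body = rec.get("body") if isinstance(rec, dict) else None
        if not isinstance(body, str) or HANDLER not in body:
            continue
        hits += [(rec.get("src"), v) for v in extract_param(body, PARAM)
                 if SHELL_META.search(v)]
    return hits

# Constructed sample log; record layout and the "action" field are assumptions.
SAMPLE = [json.dumps({"src": s, "body": b}) for s, b in [
    ("192.0.2.10", json.dumps({"action": HANDLER, PARAM: "1"})),    # benign
    ("198.51.100.7", json.dumps({"action": HANDLER, PARAM: "1;id"})),
    ("198.51.100.7", "action=setWiFiEasyCfg&merge=1%60id%60"),      # URL-escaped
    ("192.0.2.11", json.dumps({"action": "otherHandler", PARAM: ";"})),
]] + ["not a json line"]
```

Calling scan(SAMPLE) returns the two flagged requests; a hit is a lead for review, not proof of compromise, and a clean result does not replace the firmware update.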

Exploitation status

Public Exploit Available: Yes

Analyst recommendation

Prompt firmware updates are critical for all Totolink A7100RU devices. Given the existence of public exploits, organizations should prioritize this remediation to maintain the security and integrity of their network infrastructure.