CVE-2026-6026
Totolink · A7100RU
A remote OS command injection vulnerability exists in the Totolink A7100RU CGI handler, allowing unauthenticated attackers to execute commands via the enable argument in setPortalConfWeChat.
Executive summary
A critical remote OS command injection flaw in the Totolink A7100RU router allows unauthenticated attackers to execute arbitrary commands, threatening network integrity.
Vulnerability
The vulnerability is located in the setPortalConfWeChat function of the /cgi-bin/cstecgi.cgi component. Unauthenticated remote attackers can perform OS command injection by manipulating the enable argument.
Business impact
The CVSS score of 9.8 justifies the classification of this vulnerability as critical. Successful exploitation provides attackers with arbitrary code execution capabilities, which can be leveraged to compromise the device, perform man-in-the-middle attacks, or facilitate further unauthorized access to the protected network.
Remediation
Immediate Action: Update the affected Totolink A7100RU devices to the latest firmware provided by the manufacturer.
Proactive Monitoring: Monitor network traffic for suspicious requests to the CGI handler and review device logs for signs of unauthorized configuration changes or command execution.
Compensating Controls: Restrict management interface access to trusted networks and monitor for unauthorized attempts to invoke the vulnerable CGI function.
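The monitoring step above can be run over captured HTTP requests. The following is an added example, not code from the vendor or from this advisory. It assumes tab-separated records (source, method, path, body), a JSON or form-encoded request body, and that a legitimate enable value is a short alphanumeric token. The "topicurl" key and all sample records are constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qs

CGI_PATH = "/cgi-bin/cstecgi.cgi"   # component named in the advisory
FUNCTION = "setPortalConfWeChat"    # function named in the advisory
# Assumption: a legitimate "enable" value is a short alphanumeric token.
SAFE_ENABLE = re.compile(r"[A-Za-z0-9]{1,8}")

def extract_enable(body):
    """Return the 'enable' value from a JSON or form-encoded body, or None."""
    try:
        data = json.loads(body)
        if isinstance(data, dict) and "enable" in data:
            return str(data["enable"])
    except ValueError:
        pass  # not JSON; fall through to form decoding
    values = parse_qs(body, keep_blank_values=True).get("enable")
    return values[0] if values else None

def classify(line):
    """Classify one 'src<TAB>method<TAB>path<TAB>body' record."""
    src, method, path, body = line.rstrip("\n").split("\t", 3)
    if path.split("?", 1)[0] != CGI_PATH or FUNCTION not in body:
        return None               # not the vulnerable function
    enable = extract_enable(body)
    if enable is None or SAFE_ENABLE.fullmatch(enable):
        return (src, "review")    # function invoked: confirm source is an admin host
    return (src, "alert")         # enable holds characters outside the expected token

def scan(lines):
    """Return (source, verdict) for every record that touches the function."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample records (documentation address ranges, placeholder names).
SAMPLE = [
    '192.0.2.10\tPOST\t/cgi-bin/cstecgi.cgi\t{"topicurl":"setPortalConfWeChat","enable":"1"}',
    '203.0.113.7\tPOST\t/cgi-bin/cstecgi.cgi\t{"topicurl":"setPortalConfWeChat","enable":"1;constructed-marker"}',
    '192.0.2.10\tPOST\t/cgi-bin/cstecgi.cgi\t{"topicurl":"otherFunction"}',
    '198.51.100.4\tPOST\t/cgi-bin/cstecgi.cgi\ttopicurl=setPortalConfWeChat&enable=0',
]

if __name__ == "__main__":
    for src, verdict in scan(SAMPLE):
        print(f"{verdict}\t{src}")
```

Because the flaw is reachable without authentication, a "review" hit from a source outside the trusted management network deserves the same attention as an "alert".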
Exploitation status
Public Exploit Available: Yes
Analyst recommendation
Given the critical severity and the existence of public exploits, immediate remediation is required. Organizations should ensure all affected hardware is updated to the latest available firmware to mitigate this high-risk vulnerability.