CVE-2026-6028

Totolink · A7100RU

The Totolink A7100RU router is vulnerable to remote OS command injection in the setPptpServerCfg function, and a public exploit is available.

Executive summary

A critical remote command injection vulnerability in Totolink A7100RU routers allows unauthenticated attackers to execute arbitrary commands with root-level privileges.

Vulnerability

This is an OS command injection vulnerability in the setPptpServerCfg function of the /cgi-bin/cstecgi.cgi file. Attackers can manipulate the enable argument to execute system commands remotely without authentication.

Business impact

With a CVSS score of 9.8, the impact is catastrophic. An attacker can gain full control over the networking device, facilitating man-in-the-middle attacks, data interception, and persistence within the local network.

Remediation

Immediate Action: Apply the latest firmware update provided by Totolink to the affected A7100RU devices.

Proactive Monitoring: Monitor network traffic for suspicious cgi-bin activity and unexpected outbound connections from the router.

Compensating Controls: Disable remote management interfaces on the router and ensure it is not directly exposed to the public internet.
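
One way to implement the cgi-bin monitoring recommended above, as an added example that is not part of the original advisory or any vendor tooling: it checks requests captured by a proxy or IDS and flags setPptpServerCfg calls whose enable value is not a plain toggle. The JSON body with a "topicurl" key naming the handler and the 0/1 allowlist are assumptions; the sample requests are constructed.

```python
import json
import re

CGI_PATH = "/cgi-bin/cstecgi.cgi"   # path named in the advisory
HANDLER = "setPptpServerCfg"        # function named in the advisory
ALLOWED_ENABLE = {"0", "1"}         # assumption: enable is a 0/1 toggle
SHELL_META = re.compile(r"[;&|`$<>(){}\\\r\n]")

def classify(method, path, body):
    """Return None for unrelated or clean requests, else a finding string."""
    if method.upper() != "POST" or path.split("?", 1)[0] != CGI_PATH:
        return None
    try:
        params = json.loads(body)   # assumption: body is a JSON object
    except ValueError:
        # A body that names the handler but does not parse deserves review.
        return "unparseable-body" if HANDLER in body else None
    if not isinstance(params, dict):
        return None
    if HANDLER not in str(params.get("topicurl", "")):
        return None
    if "enable" not in params:
        return None
    enable = str(params["enable"])
    if enable in ALLOWED_ENABLE:
        return None
    if SHELL_META.search(enable):
        return "shell-metacharacters-in-enable"
    return "unexpected-enable-value"

# Constructed sample requests: (method, path, body)
SAMPLES = [
    ("POST", CGI_PATH, '{"topicurl":"setPptpServerCfg","enable":"1"}'),
    ("POST", CGI_PATH,
     '{"topicurl":"setPptpServerCfg","enable":"1;PLACEHOLDER_CMD"}'),
    ("POST", CGI_PATH, '{"topicurl":"setPptpServerCfg","enable":"yes"}'),
    ("POST", CGI_PATH, '{"topicurl":"someOtherHandler","enable":"1"}'),
    ("GET", "/index.html", ""),
]

def scan(samples):
    """Return (index, finding) for every sample that classify() flags."""
    return [(i, f) for i, s in enumerate(samples) if (f := classify(*s))]

if __name__ == "__main__":
    for index, finding in scan(SAMPLES):
        print(f"request {index}: {finding}")
```

Because the check is an allowlist on the enable value rather than a signature for one payload, it also surfaces malformed values that contain no shell metacharacters.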

Exploitation status

Public Exploit Available: Yes

Analyst recommendation

The availability of a public exploit significantly increases the risk of this vulnerability. Administrators must update affected hardware immediately to prevent compromise.