CVE-2026-6029

Totolink · A7100RU

The Totolink A7100RU router is vulnerable to remote OS command injection in the setVpnAccountCfg function, and a public exploit is available.

Executive summary

A critical remote command injection vulnerability in Totolink A7100RU routers allows unauthenticated attackers to execute arbitrary code via a manipulated User argument.

Vulnerability

This is an OS command injection vulnerability located in the /cgi-bin/cstecgi.cgi file. Attackers can manipulate the User argument to execute system commands remotely without authentication.

Business impact

With a CVSS score of 9.8, the impact is severe. Successful exploitation allows for complete takeover of the router, potentially leading to network-wide surveillance or the redirection of traffic to malicious destinations.

Remediation

Immediate Action: Update the firmware of all affected Totolink A7100RU devices to the latest available version.

Proactive Monitoring: Inspect router logs for anomalous entries that reference the setVpnAccountCfg function and for unusual administrative activity.

Compensating Controls: Restrict access to the router's web management interface to trusted internal segments only.
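Added example, not part of the original advisory or any Totolink code: a triage script for the monitoring and compensating-control steps above, run over constructed records from an upstream proxy or IDS. The record schema (`src`, `path`, `handler`, `params`), the management subnet and the account-name allowlist are assumptions; only the CGI path, the function name and the User argument come from the advisory.

```python
import ipaddress
import json
import re

CGI_PATH = "/cgi-bin/cstecgi.cgi"   # from the advisory
HANDLER = "setVpnAccountCfg"        # from the advisory
# Assumption: the trusted management segment at this site.
TRUSTED_NET = ipaddress.ip_network("192.168.10.0/24")
# Assumption: legitimate VPN account names use only these characters.
SAFE_USER = re.compile(r"[A-Za-z0-9._@-]{1,64}")

# Constructed sample records in a hypothetical sensor schema.
SAMPLE_LOG = """\
{"src": "192.168.10.5", "path": "/cgi-bin/cstecgi.cgi", "handler": "setVpnAccountCfg", "params": {"User": "vpn-alice"}}
{"src": "203.0.113.77", "path": "/cgi-bin/cstecgi.cgi", "handler": "setVpnAccountCfg", "params": {"User": "vpn-bob"}}
{"src": "192.168.10.9", "path": "/cgi-bin/cstecgi.cgi", "handler": "setVpnAccountCfg", "params": {"User": "bob;id"}}
{"src": "192.168.10.5", "path": "/cgi-bin/cstecgi.cgi", "handler": "someOtherHandler", "params": {}}
not-json garbage line
"""

def triage(log_text):
    """Return (line_no, src, reasons) for each record that needs review."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a sensor record
        if not isinstance(rec, dict):
            continue
        if rec.get("path") != CGI_PATH or rec.get("handler") != HANDLER:
            continue
        reasons = []
        try:
            outside = ipaddress.ip_address(str(rec.get("src", ""))) not in TRUSTED_NET
        except ValueError:
            outside = True  # unparseable source is treated as untrusted
        if outside:
            reasons.append("source outside management segment")
        params = rec.get("params")
        user = params.get("User") if isinstance(params, dict) else None
        if not isinstance(user, str) or not SAFE_USER.fullmatch(user):
            reasons.append("User value outside allowlist")
        if reasons:
            findings.append((line_no, rec.get("src"), reasons))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A record that hits both reasons at once (untrusted source and a User value outside the allowlist) is the one to escalate first.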

Exploitation status

Public Exploit Available: Yes

Analyst recommendation

Given the public availability of an exploit, this vulnerability poses an imminent threat. Organizations must prioritize firmware updates to mitigate the risk of remote system control.