CVE-2026-7139
Totolink · A8000RU
An unauthenticated remote OS command injection vulnerability exists in the Totolink A8000RU CGI handler via the mode parameter in the setWiFiAclRules function.
Executive summary
A critical OS command injection vulnerability in the Totolink A8000RU router allows unauthenticated remote attackers to execute arbitrary commands.
Vulnerability
The vulnerability affects the setWiFiAclRules function in /cgi-bin/cstecgi.cgi. The mode parameter is not validated before it is used to build an OS command, so a remote attacker can inject arbitrary commands into that command line. No authentication is required to reach the handler, which is what separates this from the common class of post-authentication router command injections.
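The following is an added illustration of the bug class this advisory describes; it is not the Totolink firmware code, which is not reproduced on this page. It contrasts the vulnerable pattern (a request parameter interpolated into a shell command string) with a hardened handler that allowlists the mode value and builds an argv vector instead of a shell string. The helper binary name wifi_acl, the allowed values allow/deny/disable, and the injected sample input are all hypothetical and constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative only: this is NOT the Totolink A8000RU firmware. It models the
 * bug class in the advisory (a CGI parameter pasted into a shell command) and
 * one way to harden it. All names below are hypothetical placeholders. */

/* Vulnerable pattern: the request parameter is interpolated verbatim into a
 * command line that would then be handed to system(). This function only
 * builds the string so the effect can be inspected without executing it.
 * Returns 0 on success, -1 if the buffer is too small. */
int build_acl_cmd_unsafe(const char *mode, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "wifi_acl -m %s", mode);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Hardened pattern, step 1: accept only values from a fixed allowlist.
 * Returns 1 if mode is allowed, 0 otherwise (including NULL). */
static const char *const allowed_modes[] = { "allow", "deny", "disable" };

int validate_mode(const char *mode)
{
    if (mode == NULL)
        return 0;
    for (size_t i = 0; i < sizeof allowed_modes / sizeof allowed_modes[0]; i++)
        if (strcmp(mode, allowed_modes[i]) == 0)
            return 1;
    return 0;
}

/* Hardened pattern, step 2: build an argv vector for execv-style execution
 * rather than a shell string, so no shell ever parses the user-controlled
 * value even if the allowlist is later loosened. argv must have room for
 * four pointers. Returns 0 on success, -1 if the mode is rejected. */
int build_acl_argv_safe(const char *mode, const char *argv[4])
{
    if (!validate_mode(mode))
        return -1;
    argv[0] = "wifi_acl";   /* hypothetical helper binary */
    argv[1] = "-m";
    argv[2] = mode;         /* passed as a single argument, never re-parsed */
    argv[3] = NULL;
    return 0;
}

int main(void)
{
    char cmd[128];
    const char *argv[4];
    /* Constructed attacker-style input: terminates the intended argument and
     * appends a second command. Not taken from any real exploit. */
    const char *injected = "allow;id";

    if (build_acl_cmd_unsafe(injected, cmd, sizeof cmd) == 0)
        printf("unsafe command line: %s\n", cmd);   /* a shell would run both */

    if (build_acl_argv_safe(injected, argv) == -1)
        printf("hardened path rejected: %s\n", injected);
    if (build_acl_argv_safe("deny", argv) == 0)
        printf("hardened path accepted argv[2]=%s\n", argv[2]);
    return 0;
}
```

For a parameter that takes only a handful of fixed values, the allowlist alone closes the injection; the argv construction is defence in depth so that a later change to accept free-form values cannot reintroduce shell parsing.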
Business impact
Successful exploitation gives the attacker command execution on the router itself, as whatever user the CGI handler runs as (on consumer router firmware this is commonly root). That is a full device compromise: the attacker can alter configuration, intercept or redirect traffic, and use the router as a foothold into the attached network. The CVSS score of 9.8 (critical) corresponds to network-reachable, low-complexity, unauthenticated exploitation with high impact on confidentiality, integrity and availability.
Remediation
Immediate Action: Update the device firmware to a version Totolink identifies as fixing this issue, as soon as one is available. Disabling Wi-Fi ACL rules in the configuration UI may reduce exposure but should not be relied on: the flaw is in the unauthenticated CGI handler, and switching the feature off in the UI does not necessarily make that handler unreachable.
Proactive Monitoring: Review web-server access logs for requests to /cgi-bin/cstecgi.cgi that invoke setWiFiAclRules with a mode value containing shell metacharacters, and check for configuration changes that were not made by an administrator. Consumer routers often keep little persistent logging, so capturing traffic to the management interface upstream (at a firewall or tap) may be necessary.
Compensating Controls: Use a firewall to block all WAN-side access to the management interface. Because the vulnerability is unauthenticated, any client on the LAN or guest Wi-Fi can also reach it, so restrict management-interface access on the local network to trusted administrator hosts where the device allows it.
Exploitation status
Public Exploit Available: Yes
Analyst recommendation
Apply the vendor firmware fix as soon as it is published. Until then, treat the device as exploitable by anyone who can reach its web interface: block WAN access to the management interface, limit LAN access to administrator hosts, and keep the router off any network segment that untrusted users can reach.