CVE-2026-7204

Totolink · A8000RU

The Totolink A8000RU is susceptible to remote OS command injection through the enable argument of the setPptpServerCfg function in the CGI handler.

Executive summary

A critical remote command injection vulnerability in the Totolink A8000RU router allows unauthenticated attackers to execute arbitrary system commands.

Vulnerability

This vulnerability occurs in the setPptpServerCfg function of the /cgi-bin/cstecgi.cgi component. Lack of proper input sanitization on the enable argument allows remote, unauthenticated attackers to inject and execute OS commands.

Business impact

The CVSS score of 9.8 underscores the critical nature of this flaw, which allows for full device takeover. Unauthorized remote access can result in data exfiltration, internal network reconnaissance, and the deployment of persistent malware on the router.

Remediation

Immediate Action: Update the router firmware to the latest version supplied by Totolink to remediate the vulnerability.

Proactive Monitoring: Monitor for anomalous traffic and unauthorized configuration changes, particularly those related to VPN or server settings.

Compensating Controls: Use a firewall to block external access to the device's CGI management interface if an immediate firmware update is not possible.
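
One way to support the monitoring step above, as an added example that is not part of the original advisory or any vendor tooling: a log check that flags requests to /cgi-bin/cstecgi.cgi invoking setPptpServerCfg and raises an alert when the enable value falls outside a strict allowlist. The log schema (src, path, body), the "topicurl" key, the "otherHandler" name, and the assumption that a legitimate enable value is a short numeric flag are all assumptions; the sample records are constructed.

```python
import json
import re
from urllib.parse import parse_qs

CGI_PATH = "/cgi-bin/cstecgi.cgi"  # component named in the advisory
HANDLER = "setPptpServerCfg"       # function named in the advisory
# Assumption: a legitimate "enable" value is a short numeric flag.
ENABLE_OK = re.compile(r"[0-9]{1,2}")

def parse_body(body):
    """Return request parameters as a flat dict (JSON or form-encoded body)."""
    try:
        data = json.loads(body)
        if isinstance(data, dict):
            return {str(k): str(v) for k, v in data.items()}
    except ValueError:
        pass
    return {k: v[-1] for k, v in parse_qs(body, keep_blank_values=True).items()}

def classify(record):
    """Return 'ignore', 'review' or 'alert' for one logged HTTP request."""
    if record.get("path", "").split("?")[0] != CGI_PATH:
        return "ignore"
    params = parse_body(record.get("body", ""))
    if HANDLER not in params.values():
        return "ignore"
    enable = params.get("enable")
    if enable is not None and not ENABLE_OK.fullmatch(enable):
        return "alert"   # value outside the allowlist, e.g. shell metacharacters
    return "review"      # well-formed, but still a PPTP server config change

def scan(lines):
    """Return (source, verdict) for every logged request that is not ignored."""
    records = [json.loads(line) for line in lines]
    verdicts = [(r.get("src", "?"), classify(r)) for r in records]
    return [v for v in verdicts if v[1] != "ignore"]

def _rec(src, path, body):
    return json.dumps({"src": src, "path": path, "body": body})

# Constructed sample log lines; schema and the "topicurl" key are assumptions.
SAMPLE = [
    _rec("192.0.2.10", CGI_PATH, '{"topicurl": "setPptpServerCfg", "enable": "1"}'),
    _rec("198.51.100.7", CGI_PATH, '{"topicurl": "setPptpServerCfg", "enable": "1;PLACEHOLDER"}'),
    _rec("198.51.100.7", CGI_PATH, "topicurl=setPptpServerCfg&enable=1%60PLACEHOLDER%60"),
    _rec("192.0.2.10", CGI_PATH, '{"topicurl": "otherHandler"}'),
    _rec("192.0.2.10", "/index.html", ""),
]
```

Because the advisory describes the flaw as reachable without authentication, even a "review" verdict from a source outside the management network deserves a look.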

Exploitation status

Public Exploit Available: Yes

Analyst recommendation

Given the availability of exploits, immediate patching is required. Administrators should verify the integrity of their network configurations after applying updates to ensure no unauthorized persistence mechanisms were installed during the period of exposure.