CVE-2026-7242
Totolink · A8000RU
A remote OS command injection vulnerability in the Totolink A8000RU CGI handler is reachable through the enabled argument of the setOpenVpnClientCfg function.
Executive summary
A critical remote command injection vulnerability in the Totolink A8000RU router allows unauthenticated attackers to execute arbitrary system commands.
Vulnerability
The setOpenVpnClientCfg function in the /cgi-bin/cstecgi.cgi file contains an OS command injection vulnerability. An unauthenticated attacker can exploit it by sending a request that carries a crafted value in the enabled argument.
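The following C example is added here to show how a boolean toggle argument such as enabled should be handled so that it can never reach a shell; it is not Totolink's firmware code, and the function names (validate_enabled, parse_enabled, build_openvpn_client_cfg, write_openvpn_client_cfg), the configuration key and the sample inputs are hypothetical. The fix is an allowlist of the only two legal values plus plain file I/O for persistence, rather than a denylist of shell metacharacters.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical hardened handling of a boolean "enabled" argument like the one
 * taken by setOpenVpnClientCfg. The only legal values are "0" and "1"; anything
 * else is rejected outright. An allowlist of exact values is the right fix:
 * stripping shell metacharacters one by one is fragile, and a value that is
 * never handed to a shell has nothing to inject into.
 */
bool validate_enabled(const char *value)
{
    if (value == NULL)
        return false;
    return strcmp(value, "0") == 0 || strcmp(value, "1") == 0;
}

/* Returns 0 or 1 for a valid value, -1 for anything else. */
int parse_enabled(const char *value)
{
    if (!validate_enabled(value))
        return -1;
    return value[0] - '0';
}

/*
 * Build the configuration line from the parsed integer, never from the raw
 * request string. Returns the number of bytes written, or -1 if the value was
 * rejected or the buffer is too small.
 */
int build_openvpn_client_cfg(const char *value, char *out, size_t outlen)
{
    int enabled = parse_enabled(value);
    if (enabled < 0)
        return -1;
    int n = snprintf(out, outlen, "openvpn_client_enabled=%d\n", enabled);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

/*
 * Persist the setting with plain file I/O (path is an assumption). No shell is
 * involved, so attacker-controlled text cannot become a command.
 * Returns 0 on success, -1 on rejection or I/O failure.
 */
int write_openvpn_client_cfg(const char *path, const char *value)
{
    char line[64];
    if (build_openvpn_client_cfg(value, line, sizeof line) < 0)
        return -1;
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    int ok = fputs(line, f) != EOF;
    ok = (fclose(f) == 0) && ok;
    return ok ? 0 : -1;
}

int main(void)
{
    /* Constructed sample inputs: the two legal values and several rejects,
     * including trailing whitespace and a shell metacharacter. */
    const char *samples[] = { "1", "0", "true", "", "1 ", "1;x", NULL };
    for (int i = 0; samples[i] != NULL; i++) {
        char line[64];
        if (build_openvpn_client_cfg(samples[i], line, sizeof line) < 0)
            printf("reject \"%s\"\n", samples[i]);
        else
            printf("accept \"%s\" -> %s", samples[i], line);
    }
    return 0;
}
```

The request string is used only to choose between two constants; the value that gets written is the integer produced by the parser, so the original text never appears in any command line or configuration file.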
Business impact
The CVSS score of 9.8 reflects the high risk of this vulnerability. Exploitation can lead to complete takeover of the router, allowing attackers to compromise VPN connections and gain unauthorized access to the internal network.
Remediation
Immediate Action: Update the router to the latest available firmware version to patch this security flaw.
Proactive Monitoring: Monitor for unexpected VPN configuration changes and anomalous outbound traffic from the device.
Compensating Controls: Restrict access to the router's web interface to trusted internal IP addresses only.
Exploitation status
Public Exploit Available: Yes
Analyst recommendation
Immediate patching is required to address this vulnerability. Organizations should also conduct a review of their VPN configuration to ensure that no unauthorized changes have been made.