CVE-2026-7243

Totolink · A8000RU

The Totolink A8000RU is susceptible to remote OS command injection in the setRadvdCfg function, reachable via the maxRtrAdvInterval argument.

Executive summary

A critical remote command injection vulnerability in the Totolink A8000RU router allows unauthenticated attackers to execute arbitrary system commands.

Vulnerability

This vulnerability is located in the setRadvdCfg function of the /cgi-bin/cstecgi.cgi file. An unauthenticated attacker can leverage the maxRtrAdvInterval argument to perform OS command injection.

Business impact

With a CVSS score of 9.8, this vulnerability poses a significant risk to the security of the network. Successful exploitation allows for complete device control, potentially leading to widespread network compromise and data theft.

Remediation

Immediate Action: Update the affected Totolink A8000RU unit to the latest firmware version.

Proactive Monitoring: Monitor for suspicious network traffic and verify the integrity of router configuration settings.

Compensating Controls: Block access to the CGI handler from untrusted sources using firewall or access control lists.
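Added example (not part of the advisory, not Totolink code): a small log scanner that operationalizes the two controls above. It reads web-access log lines, flags any request to /cgi-bin/cstecgi.cgi that did not originate from the management network, and separately flags any maxRtrAdvInterval value that is not a bare integer, since a legitimate router-advertisement interval is only ever a number. The log format, the trusted network 192.168.0.0/24, the sample lines, and the assumption that the form body is logged as a trailing quoted field are all constructed for this example; the 4..1800 second bound is the range radvd documents for MaxRtrAdvInterval and should be checked against what the firmware actually accepts.

```python
"""Scan access logs for traffic matching the CVE-2026-7243 attack surface:
requests to the cstecgi.cgi handler from untrusted sources, and
maxRtrAdvInterval values that are not plain integers."""
import ipaddress
import re
from urllib.parse import parse_qs

# Assumed log format (constructed): Common Log Format with the form-encoded
# request body appended as a final quoted field. Adapt LOG_RE to the format
# your proxy, IDS or router export actually produces.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<body>[^"]*)"$'
)

# Management networks allowed to reach the CGI handler (assumed value).
TRUSTED_NETWORKS = [ipaddress.ip_network("192.168.0.0/24")]

# radvd documents MaxRtrAdvInterval as 4..1800 seconds; anything that is not a
# bare decimal integer in that range has no business in this parameter.
INTERVAL_MIN, INTERVAL_MAX = 4, 1800

CGI_PATH = "/cgi-bin/cstecgi.cgi"
PARAM = "maxRtrAdvInterval"

# Constructed sample log lines, not captured from a real device.
SAMPLE_LOG = """\
192.168.0.10 - - [01/Jan/2026:10:00:00 +0000] "POST /cgi-bin/cstecgi.cgi HTTP/1.1" 200 120 "maxRtrAdvInterval=600"
203.0.113.44 - - [01/Jan/2026:10:00:05 +0000] "POST /cgi-bin/cstecgi.cgi HTTP/1.1" 200 120 "maxRtrAdvInterval=600"
192.168.0.10 - - [01/Jan/2026:10:00:09 +0000] "POST /cgi-bin/cstecgi.cgi HTTP/1.1" 200 120 "maxRtrAdvInterval=600|x"
192.168.0.11 - - [01/Jan/2026:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 5120 "-"
"""


def is_trusted(src: str) -> bool:
    """True if the source address falls inside an allowed management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETWORKS)


def valid_interval(value: str) -> bool:
    """True only for a plain decimal integer inside radvd's documented range."""
    if not value.isdigit():
        return False
    return INTERVAL_MIN <= int(value) <= INTERVAL_MAX


def scan(log_text: str) -> list[tuple[str, str]]:
    """Return (source_ip, reason) findings for every suspicious CGI request."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real deployment would count these
        src = m.group("src")
        path = m.group("path").split("?", 1)[0]
        if path != CGI_PATH:
            continue
        if not is_trusted(src):
            findings.append((src, "cstecgi.cgi request from outside management network"))
        params = parse_qs(m.group("body"), keep_blank_values=True)
        for value in params.get(PARAM, []):
            if not valid_interval(value):
                findings.append((src, f"non-numeric {PARAM} value: {value!r}"))
    return findings


if __name__ == "__main__":
    for src, reason in scan(SAMPLE_LOG):
        print(f"{src}: {reason}")
```

The integer check is deliberately an allowlist rather than a search for shell metacharacters: it needs no list of dangerous characters to maintain and catches any encoding trick that still leaves the value non-numeric. Pair the source-network finding with the firewall rule from the Compensating Controls item so that untrusted requests are both blocked and logged.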

Exploitation status

Public Exploit Available: Yes

Analyst recommendation

Administrators must prioritize the firmware update to mitigate this high-risk vulnerability. Given the ease of exploitation, ensure that the device management interface is not exposed to the public internet.