A critical remote command injection vulnerability in the Totolink A8000RU router allows unauthenticated attackers to execute arbitrary system commands.

The setWiFiEasyGuestCfg function within /cgi-bin/cstecgi.cgi is vulnerable to OS command injection. An unauthenticated remote attacker can inject commands by manipulating the merge argument.

The CVSS score of 9.8 identifies this as a critical issue. Successful exploitation allows an attacker to gain full control over the router, compromising the security of both the primary and guest wireless networks.

Immediate Action: Apply the latest firmware update provided by Totolink to remediate the vulnerability.

Proactive Monitoring: Monitor for unauthorized changes to guest Wi-Fi configurations and unusual system activity.

Compensating Controls: Restrict administrative access to the router to trusted internal management subnets.

Public Exploit Available: Yes

This vulnerability is highly severe and requires immediate patching. Administrators should verify the current firmware version and ensure it is updated to the latest release to prevent exploitation.