This is another unauthenticated remote OS command injection vulnerability affecting Totolink A8000RU wireless routers. The flaw exists in the setOpenVpnClientCfg function of the device's CGI handler. Attackers can inject arbitrary commands via the enabled parameter in a crafted request to achieve full device compromise.
Remediation
Follow the same mitigation steps for this flaw as other command injection issues in the Totolink A8000RU. Restrict access to the device's web interface from public networks and monitor for official security patches. Apply any available firmware update immediately once it is released.
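Until a firmware update is available, requests reaching the web interface can be screened at a reverse proxy or in a log pipeline. The following is an added example, not code from the vendor or from the advisory: it flags request bodies that name setOpenVpnClientCfg and carry an enabled value that is not a plain flag. It assumes the body is a JSON object or form-encoded and that a legitimate enabled value is a single 0 or 1; the "handler" key in the sample bodies is constructed.

```python
import json
import re
from urllib.parse import parse_qsl

HANDLER = "setOpenVpnClientCfg"   # function name given in the advisory
PARAM = "enabled"                 # injectable parameter given in the advisory
ALLOWED = re.compile(r"[01]")     # assumption: a legitimate value is a 0/1 flag


def extract_fields(body: str) -> dict:
    """Return request fields from a JSON object or a form-encoded body."""
    try:
        parsed = json.loads(body)
        if isinstance(parsed, dict):
            return parsed
    except ValueError:
        pass  # not JSON, fall through to form decoding
    return dict(parse_qsl(body, keep_blank_values=True))


def is_suspicious(body: str) -> bool:
    """True when the handler is addressed and 'enabled' is not a plain flag."""
    if HANDLER not in body:
        return False
    fields = extract_fields(body)
    if PARAM not in fields:
        return False
    value = fields[PARAM]
    # Non-string JSON values are serialised so lists/objects fail the allowlist.
    text = value if isinstance(value, str) else json.dumps(value)
    return ALLOWED.fullmatch(text) is None


# Constructed sample bodies; "<cmd>" is a placeholder, not a real payload.
SAMPLES = [
    '{"handler": "setOpenVpnClientCfg", "enabled": "1"}',
    '{"handler": "setOpenVpnClientCfg", "enabled": "1;<cmd>"}',
    "handler=setOpenVpnClientCfg&enabled=1%60%3Ccmd%3E%60",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print("ALERT" if is_suspicious(body) else "ok   ", body)
```

An allowlist on the expected value is used instead of a list of shell metacharacters, so encoded or unusual separators are flagged as well.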
Exploit info
This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. You may check Exploit-DB or GitHub for potential exploit details.