TopVuln

High-risk vulnerability digests

CVE-2026-7538

  • HIGH

Details

CVSS v3: 9.8
CVSS v4: 8.9
CVSS v2: 10.0
NVD published: 2026-05-01 02:16:04
EPSS: 1.2% probability · 79.5th percentile (2026-05-12)
Affected versions: Totolink A8000RU firmware 7.1cu.643_b20200521
Summary
This flaw exists in the CGI handler component of the /cgi-bin/cstecgi.cgi file in affected Totolink A8000RU routers. Manipulation of the `proto` argument allows unauthenticated remote attackers to inject and execute arbitrary OS commands. A public exploit is available for this vulnerability.
Remediation
No official vendor patch is currently available for this issue. Organizations should restrict external access to affected routers and consider replacing vulnerable devices with supported alternatives if updates are not released.
Exploit info
This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. You may check Exploit-DB or GitHub for potential exploit details.


Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.