TOTOLink Vulnerability Vendor: TOTOLink Product: CA300 PoE Version: V6.2c-884 Type: Remote Command Execution Author: Jian Peng Institution: pengjiaqian@nie.ac.cn Vulnerability Description We found a Command Injection vulnerability in the TOTOLink router with firmware version V6.2c-884, which allows remote attackers to execute arbitrary OS commands from a crafted request. Remote Command Execution In binary: In function, is directly passed by the attacker, so we can control the to attack the OS. The initial input will be extracted and cause command injection. Supplement To avoid such problems, the string content should be checked in the input extraction part. PoC We set as , and the router will execute it, such as: Result Get a shell!