TOTOLINK CA600-PoE Command Injection Vulnerability

A command injection vulnerability has been identified in the TOTOLINK CA600-PoE router, specifically in the firmware version V5.3c.6665_B20180820. The issue arises in the 'CloudSrvUserdataVersionCheck' function, where the 'svn' parameter can be manipulated to execute arbitrary commands on the device.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device.

Reproduction

To reproduce this vulnerability, send a POST request to '/cgi-bin/cstecgi.cgi' on the router's IP address. Include the 'CloudSrvUserdataVersionCheck' topic in the 'topicurl' parameter and craft the 'svn' parameter to inject commands, such as '1;pwd;'.