TOTOLINK CA600-PoE Command Injection Vulnerability

A command injection vulnerability has been identified in the TOTOLINK CA600-PoE router, specifically in version V5.3c.6665_B20180820. The issue arises in the 'CloudSrvUserdataVersionCheck' function, where the 'url' parameter can be manipulated to execute arbitrary commands on the device via a crafted request.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device.

Reproduction

To reproduce this vulnerability, send a POST request to '/cgi-bin/cstecgi.cgi' on the router's IP address. Include a 'topicurl' parameter set to 'CloudSrvUserdataVersionCheck' and a 'url' parameter crafted to inject commands, such as '1;pwd;'. The request should also include the necessary headers to mimic a legitimate browser request, including 'Content-Type' set to 'application/x-www-form-urlencoded'.