TOTOLINK T6 Telnet Service Missing Authentication Vulnerability

A critical vulnerability exists in the TOTOLINK T6 router, specifically in version 4.1.5cu.748_B20211015. The issue arises in the Telnet Service, within the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The vulnerability allows remote attackers to enable the Telnet service without authentication by manipulating the telnet_enabled argument. Exploitation of this vulnerability could lead to unauthorized access, potentially allowing an attacker to gain a root shell on the device.

Impact

Exploitation of this vulnerability could result in unauthorized access to the device, with the potential to gain root privileges.

Reproduction

To reproduce this vulnerability, send a request to the /cgi-bin/cstecgi.cgi endpoint with the telnet_enabled argument set to 1. This can be done using a tool like curl or Postman. The request can be sent over the internet, as the vulnerability can be exploited remotely.

Remediation

It is recommended to apply restrictive firewall rules to block unauthorized access to the Telnet service.