Totolink A3300R Command Injection Vulnerability

A command injection vulnerability has been identified in the Totolink A3300R router, specifically in version 17.0.0cu.557_b20221024. The issue arises in the web service 'shttpd', within the function 'setWiFiBasicCfg' of the file '/cgi-bin/cstecgi.cgi'. The vulnerability allows remote attackers to execute arbitrary operating system commands by manipulating the 'rxRate' parameter in an HTTP request. This exploitation could lead to a complete compromise of the device.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device, potentially leading to a full compromise of the router.

Reproduction

To reproduce this vulnerability, send a POST request to '/cgi-bin/cstecgi.cgi' with the 'rxRate' parameter set to a crafted command, such as 'wget' to download a file from a remote server. The router will execute the command, as demonstrated in the proof-of-concept available on GitHub.