A critical vulnerability has been identified in Totolink A8000RU router firmware version 7.1cu.643_b20200521. The vulnerability exists in the setOpenVpnClientCfg function within the /cgi-bin/cstecgi.cgi file of the CGI Handler component. Attackers can exploit this flaw by manipulating the 'enabled' argument to achieve OS command injection. The vulnerability can be exploited remotely, making it particularly dangerous for internet-facing devices. The exploit has been publicly disclosed and is available for use, increasing the risk of active exploitation. This affects the router's OpenVPN client configuration functionality and could allow attackers to execute arbitrary commands on the affected system.