A remote command injection vulnerability has been identified in Totolink A8000RU router firmware version 7.1cu.643_b20200521. The vulnerability exists in the CGI Handler component, specifically in the /cgi-bin/cstecgi.cgi file where manipulation of the 'proto' argument leads to OS command injection. This security flaw can be exploited remotely by attackers. Public exploits are available for this vulnerability, making it particularly dangerous for organizations using affected devices. The vulnerability allows attackers to execute arbitrary commands on the target system through the web interface.