


Perceptive Security
SOC/SIEM Consultancy

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cg…
Published:
22 April 2026 at 22:00:00
Alert date:
23 April 2026 at 20:03:43
Source:
nvd.nist.gov
Mobile & IoT, Network Infrastructure
A command injection vulnerability was discovered in ToToLink A3300R firmware version v17.0.0cu.557_B20221024. The vulnerability allows attackers to execute arbitrary commands through the stunEnable parameter when making requests to the /cgi-bin/cstecgi.cgi endpoint. This represents a critical security flaw that could allow remote code execution on affected router devices. The vulnerability has been documented with proof-of-concept code available on GitHub. Network administrators should prioritize patching affected ToToLink A3300R routers to prevent potential exploitation.
Technical details
Affected products:
ToToLink A3300R
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-31175
https://github.com/Svigo-o/TOTOLINK-Vul/tree/main/totolink-a3300r-stun-enable-cmd-injection
IOCs:
/cgi-bin/cstecgi.cgi, stunEnable
This article was created with the assistance of AI technology by Perceptive.
