


Perceptive Security
SOC/SIEM Consultancy

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /…
Published: 22 April 2026 at 22:00:00
Alert date: 23 April 2026 at 20:03:43
Source: nvd.nist.gov
Network Infrastructure, Mobile & IoT
A command injection vulnerability was discovered in ToToLink A3300R firmware version v17.0.0cu.557_B20221024. The vulnerability allows attackers to execute arbitrary commands through the stunMaxAlive parameter when making requests to the /cgi-bin/cstecgi.cgi endpoint. This represents a critical security flaw that could enable remote code execution on affected router devices. The vulnerability has been documented with proof-of-concept code available on GitHub, indicating potential for exploitation in the wild.
Technical details
Affected products:
ToToLink A3300R
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-31178
https://github.com/Svigo-o/TOTOLINK-Vul/tree/main/totolink-a3300r-stun-max-alive-cmd-injection
IOCs:
/cgi-bin/cstecgi.cgi, stunMaxAlive
This article was created with the assistance of AI technology by Perceptive.
