TOTOLINK X6000R-V9.4.0cu.852_B20230719
Command Execution Vulnerability
<https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/247/ids/36.html?_JS140.238.14.1=32a3b88fa917c478ff16813b06e93632b1699790448_184814390>
In the shttpd binary, the function sub_417338 reads fields supplied by the front-end, joins them into a string with snprintf, and passes the result to the CsteSystem function, which results in a command execution vulnerability.
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.