Firmware:
TOTOLINK:A860R V4.1.2cu.5182_B20201027
http://www.totolink.cn/home/menu/detail.html?menu_listtpl=download&id=62&ids=36
Detail:
In cstecgi.cgi, the acquired parameters are directly put into the system for execution without filtering, resulting in the vulnerability of command injection
You can see that the value of v32 runs without filtering
poc:
