
Savant42

#23430 of 53,632
10 Total CVSS
Vulnerabilities · 1
PT-2011-5165
10
2011-12-25
Ctek · Ctek Skyrouter · CVE-2011-5010
**Name of the Vulnerable Software and Affected Versions**

Ctek SkyRouter versions 4200 and 4300

**Description**

The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the `PINGADDRESS` parameter for a "u" action in the `apps/a3/cfg ethping.cgi` endpoint.

**Recommendations**

For Ctek SkyRouter versions 4200 and 4300, avoid using the `PINGADDRESS` parameter in the affected endpoint until the issue is resolved. Restrict access to the `cfg ethping.cgi` endpoint to minimize the risk of exploitation.