Totolink · Totolink X5000R · CVE-2025-14586
**Name of the Vulnerable Software and Affected Versions**
TOTOLINK X5000R version 9.1.0cu.2089 B20211224
**Description**
A flaw in TOTOLINK X5000R allows operating system command injection. It is triggered by manipulating the `User` argument, which is processed by the `snprintf` function in `/cgi-bin/cstecgi.cgi?action=exportOvpn&type=user`. The flaw can be exploited remotely, and the exploit has been publicly disclosed.
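The pattern described above next to a hardened counterpart, as an added example that is not TOTOLINK's code and not part of the original advisory. The command name `export_tool`, the function names and the allowlist policy are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical allowlist (an assumption, not taken from the firmware):
 * 1-32 characters from [A-Za-z0-9_-], not starting with '-'. */
int user_is_safe(const char *user)
{
    static const char ok[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                             "abcdefghijklmnopqrstuvwxyz0123456789_-";
    size_t n;

    if (user == NULL)
        return 0;
    n = strlen(user);
    if (n == 0 || n > 32 || user[0] == '-')
        return 0;
    return strspn(user, ok) == n;
}

/* Weak pattern: the request value is formatted straight into a shell
 * command line, so shell metacharacters in it survive into the result.
 * "export_tool" is a placeholder, not the real command. */
int build_cmd_unchecked(char *out, size_t len, const char *user)
{
    int n = snprintf(out, len, "export_tool --user %s", user);
    return (n < 0 || (size_t)n >= len) ? -1 : 0; /* truncation is an error */
}

/* Hardened: validate first, and refuse instead of trying to sanitise. */
int build_cmd_checked(char *out, size_t len, const char *user)
{
    if (!user_is_safe(user))
        return -1;
    return build_cmd_unchecked(out, len, user);
}

int main(void)
{
    const char *samples[] = { "alice_01", "bob;true", "-x", "" }; /* constructed */
    char cmd[64];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s checked=%d\n", samples[i],
               build_cmd_checked(cmd, sizeof cmd, samples[i]));
    return 0;
}
```

Where the platform allows it, passing the validated value as a single argv element to an exec-family call avoids the shell entirely.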
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.