Icycu123

**Name of the Vulnerable Software and Affected Versions** Totolink X6000R AX3000 versions 9.4.0cu.852 20230719 **Description** A critical issue exists in the `setWizardCfg` function of the `shttpd` component, located in the `/cgi-bin/cstecgi.cgi` file. This is due to a lack of input validation, which allows for command injection. The exploit for this issue has been publicly disclosed and is available for use. **Recommendations** Totolink X6000R AX3000 version 9.4.0cu.852 20230719: At the moment, there is no information about a newer version that contains a fix for this vulnerability.