Totolink · Totolink X18 · CVE-2025-29209
**Name of the Vulnerable Software and Affected Versions**
TOTOLINK X18 version 9.1.0cu.2024 B20220329
**Description**
The vulnerability allows unauthorized arbitrary command execution through the `enable` parameter of the `sub 41105C` function of `cstecgi.cgi`.
**Recommendations**
For TOTOLINK X18 version 9.1.0cu.2024 B20220329, consider disabling the `sub 41105C` function of `cstecgi.cgi` to prevent exploitation until a patch is available. Restrict access to the `enable` parameter in the affected `cstecgi.cgi` to minimize the risk of unauthorized command execution.
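One way to apply the second recommendation at a filtering proxy placed in front of the device is sketched below. This is an added example, not vendor code or part of the original advisory. It assumes that `enable` is an on/off flag whose only legitimate values are `0` and `1`, and that it arrives in a JSON or form-encoded body or in the query string. The `/cgi-bin/` path in the sample requests is constructed.

```python
import json
from urllib.parse import parse_qsl

CGI_NAME = "cstecgi.cgi"
# Assumption: `enable` is an on/off flag, so only these values are legitimate.
ALLOWED_ENABLE = {"0", "1"}


def enable_values(obj):
    """Yield every value stored under an `enable` key, at any nesting depth."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            if key == "enable":
                yield value
            yield from enable_values(value)
    elif isinstance(obj, list):
        for item in obj:
            yield from enable_values(item)


def form_values(encoded):
    """Return the `enable` values of a form-encoded string (query or body)."""
    return [v for k, v in parse_qsl(encoded, keep_blank_values=True) if k == "enable"]


def check_request(path, body):
    """Return (allowed, reason) for one request seen by a filtering proxy."""
    target, _, query = path.partition("?")
    if not target.endswith("/" + CGI_NAME):
        return True, "not a cstecgi.cgi request"
    try:
        values = list(enable_values(json.loads(body)))  # assumed JSON body
    except ValueError:
        values = form_values(body)  # fall back to key=value pairs
    values += form_values(query)
    for value in values:
        # Strings and integers only; bool, list, dict and None are rejected.
        plain = isinstance(value, (str, int)) and not isinstance(value, bool)
        if not plain or str(value) not in ALLOWED_ENABLE:
            return False, "enable=%r is outside the allowlist" % (value,)
    return True, "enable absent or allowlisted"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        ("/cgi-bin/cstecgi.cgi", '{"enable": "1"}'),
        ("/cgi-bin/cstecgi.cgi", '{"enable": "1 plus-extra-text"}'),
        ("/cgi-bin/cstecgi.cgi", "enable=yes"),
    ]
    for path, body in samples:
        print(path, body, check_request(path, body))
```

Because the check is an allowlist, it rejects any unexpected `enable` value without needing to recognise specific shell syntax.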