Totolink · Totolink X6000R · CVE-2024-52723
**Name of the Vulnerable Software and Affected Versions**
TOTOLINK X6000R version 9.4.0cu.1041 B20240224
**Description**
The issue arises because the shttpd file uses the `Uci Set` function without strict parameter filtering. An attacker can construct a specific payload to achieve arbitrary command execution.
**Recommendations**
To prevent arbitrary command execution on TOTOLINK X6000R version 9.4.0cu.1041 B20240224, consider disabling the `Uci Set` function until a patch is available. Restrict access to the shttpd file to minimize the risk of exploitation.
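
The strict parameter filtering that the description says is missing could look like the following. This is an added example, not TOTOLINK's code or part of the original advisory. It assumes the handler ends up invoking `uci set` with a `config.section.option` key and a value; the function names and the value allowlist are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* UCI config, section and option names: [A-Za-z0-9_] only, bounded length. */
static int is_uci_name(const char *s, size_t n) {
    if (n == 0 || n > 64) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '_') return 0;
    return 1;
}

/* Accept exactly "config.section.option". */
int uci_key_is_valid(const char *key) {
    const char *d1 = strchr(key, '.');
    const char *d2 = d1 ? strchr(d1 + 1, '.') : NULL;
    if (!d2 || strchr(d2 + 1, '.')) return 0;
    return is_uci_name(key, (size_t)(d1 - key)) &&
           is_uci_name(d1 + 1, (size_t)(d2 - d1 - 1)) &&
           is_uci_name(d2 + 1, strlen(d2 + 1));
}

/* Assumed value policy: allowlist, so quotes, spaces and shell
 * metacharacters are rejected rather than escaped. */
int uci_value_is_valid(const char *val) {
    size_t n = strlen(val);
    if (n == 0 || n > 128) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)val[i]) && !strchr("_-.:", val[i])) return 0;
    return 1;
}

/* Build argv for execv() of the uci binary, so no shell parses the input.
 * Returns 0 on success, -1 on invalid input or a too-small buffer. */
int build_uci_set_argv(const char *key, const char *val,
                       char *buf, size_t buflen, char *argv[4]) {
    if (!uci_key_is_valid(key) || !uci_value_is_valid(val)) return -1;
    int n = snprintf(buf, buflen, "%s=%s", key, val);
    if (n < 0 || (size_t)n >= buflen) return -1;
    argv[0] = "uci"; argv[1] = "set"; argv[2] = buf; argv[3] = NULL;
    return 0;
}

int main(void) {
    char buf[160], *argv[4];  /* constructed sample input below */
    int rc = build_uci_set_argv("wireless.radio0.channel", "11", buf, sizeof buf, argv);
    printf("%d %s\n", rc, rc == 0 ? argv[2] : "(rejected)");
    return 0;
}
```

Rejecting input outright, instead of trying to escape it, keeps the filter independent of how the downstream command is parsed.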