
CVE-2024-0291: CWE-77 Command Injection in Totolink LR1200GB

Severity: Medium
Tags: Vulnerability, CVE-2024-0291, cve, cve-2024-0291, cwe-77
Published: Mon Jan 08 2024 (01/08/2024, 01:00:05 UTC)
Source: CVE
Vendor/Project: Totolink
Product: LR1200GB

Description

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

AI analysis last updated: 07/04/2025, 16:57:56 UTC

Technical Analysis

CVE-2024-0291 is a command injection vulnerability identified in the Totolink LR1200GB router, specifically in firmware version 9.1.0u.6619_B20230130. The vulnerability resides in the UploadFirmwareFile function within the /cgi-bin/cstecgi.cgi endpoint. An attacker can manipulate the 'FileName' argument to inject arbitrary commands that the system executes. This flaw allows remote exploitation without user interaction, as the vulnerable CGI script processes the input directly. The vulnerability is classified under CWE-77 (Improper Neutralization of Special Elements used in a Command), indicating that input is not properly sanitized before being passed to system commands. Although the CVSS v3.1 score is 6.3 (medium severity), the vulnerability's nature—remote command injection—poses a significant risk. The vendor has not responded to disclosure attempts, and no patches or mitigations have been published yet. No known exploits are currently reported in the wild, but public disclosure increases the risk of exploitation by threat actors. The vulnerability impacts confidentiality, integrity, and availability since arbitrary commands can be executed, potentially leading to data leakage, device takeover, or denial of service.

Potential Impact

For European organizations using the Totolink LR1200GB router, this vulnerability could lead to severe security breaches. Attackers could remotely execute commands to gain unauthorized access, manipulate network traffic, or disrupt network services. This is particularly concerning for small and medium enterprises or branch offices relying on this router model for internet connectivity and network management. Compromise could result in data exfiltration, lateral movement within corporate networks, or use of the device as a foothold for further attacks. Given the lack of vendor response and patches, organizations face prolonged exposure. The impact extends to critical infrastructure sectors if these routers are deployed in sensitive environments, potentially affecting operational continuity and data privacy under GDPR regulations.

Mitigation Recommendations

Since no official patch is available, European organizations should immediately assess their network for the presence of Totolink LR1200GB devices running the affected firmware version. Mitigation steps include:

1. Isolate vulnerable devices from untrusted networks or restrict access to the /cgi-bin/cstecgi.cgi endpoint using firewall rules or network segmentation.
2. Disable remote management features or restrict management access to trusted IP addresses only.
3. Monitor network traffic for unusual command execution patterns or unexpected outbound connections from the router.
4. Consider replacing affected devices with models from vendors that provide timely security updates.
5. Implement strict input validation and web application firewall (WAF) rules if possible to detect and block command injection attempts.
6. Maintain an inventory and continuous vulnerability scanning to detect similar issues promptly.
7. Engage with Totolink support channels for updates and consider reporting the issue to national cybersecurity authorities to raise awareness.
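As a worked illustration of steps 3 and 5, the following added example (not from the advisory or from Totolink) scans web-proxy or access-log lines for requests to /cgi-bin/cstecgi.cgi whose FileName parameter carries shell metacharacters. The combined-log-style line format and the sample entries are constructed assumptions for the demonstration.

```python
"""Detection helper for CVE-2024-0291 (CWE-77 in Totolink LR1200GB).

Flags requests to /cgi-bin/cstecgi.cgi whose FileName query parameter
contains characters that have no place in a firmware file name. Log
format and sample lines are constructed for this example, not real data.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/cgi-bin/cstecgi.cgi"
# Shell metacharacters: command separators, pipes, substitution, redirects.
SHELL_META = re.compile(r"[;&|`$(){}<>\r\n]")
# Assumed combined-log-like layout: client, two dash fields, timestamp,
# then the request line and the HTTP status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def suspicious_filename(target: str) -> Optional[str]:
    """Return the decoded FileName value if the request hits the vulnerable
    CGI and the value contains shell metacharacters; otherwise None."""
    parts = urlsplit(target)
    if parts.path != TARGET_PATH:
        return None
    # parse_qs splits on '&' first and only then percent-decodes, so an
    # encoded '%26' stays inside the value where the check can see it.
    for value in parse_qs(parts.query, keep_blank_values=True).get("FileName", []):
        if SHELL_META.search(value):
            return value
    return None


def scan_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, decoded FileName) for every flagged request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        bad = suspicious_filename(m.group("target"))
        if bad is not None:
            hits.append((m.group("ip"), bad))
    return hits


# Constructed sample entries: one benign upload, one with an injected
# separator, and one metacharacter hit on an unrelated path (ignored).
SAMPLE_LOG = [
    '10.0.0.5 - - [08/Jan/2024:10:00:01 +0000] "POST /cgi-bin/cstecgi.cgi?FileName=fw_9.1.0u.6619.bin HTTP/1.1" 200',
    '198.51.100.7 - - [08/Jan/2024:10:00:02 +0000] "POST /cgi-bin/cstecgi.cgi?FileName=fw.bin%3Becho%20probe HTTP/1.1" 200',
    '10.0.0.9 - - [08/Jan/2024:10:00:03 +0000] "GET /index.html?FileName=a%3Bb HTTP/1.1" 200',
]

if __name__ == "__main__":
    for ip, name in scan_log(SAMPLE_LOG):
        print(f"ALERT client={ip} FileName={name!r}")
```

Access logs only record query-string parameters, so a FileName sent in a POST body is invisible to this check; for that case the same `suspicious_filename` test has to run inside a reverse proxy or WAF that inspects request bodies.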


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2024-01-07T08:58:32.287Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f91484d88663aebdf7

Added to database: 5/20/2025, 6:59:05 PM

Last enriched: 7/4/2025, 4:57:56 PM

Last updated: 7/31/2025, 1:53:58 AM

