TOTOLINK A860R is a wireless router from China Gion Electronics (TOTOLINK).TOTOLINK A860R version V4.1.2cu.5182_B20201027 is vulnerable to command injection, which stems from the component /cgi-bin/downloadFile.cgi failing to properly filter the construct command special characters, commands, etc. An attacker could exploit this vulnerability to cause arbitrary command execution.