TotoLink A3100R is a series of wireless routers from TotoLink, Taiwan, China.TotoLink A3100R version V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 are vulnerable to command injection, which originates from uci_ cloudupdate_config function in the magicid parameter fails to properly filter the construction command special characters, commands, etc., and an attacker can use this vulnerability to cause arbitrary command execution.