Wavlink AC3000 M33A8.V5030.210505
cpe:2.3:h:wavlink:jetstream_ac3000:*:*:*:*:*:*:*, +1 more
- M33A8.V5030.210505
A command injection vulnerability has been identified in the Wavlink AC3000 router, specifically in the wireless.cgi AddMac() function of version M33A8.V5030.210505. This vulnerability allows authenticated attackers to execute arbitrary commands on the router by sending specially crafted HTTP requests. The issue arises because the AddMac() function does not properly validate or sanitize input before executing it as a command, leading to potential unauthorized command execution.
Exploitation of this vulnerability allows for arbitrary command execution on the affected device.
To reproduce this vulnerability, an authenticated user can send an HTTP POST request to the Wavlink AC3000 router's wireless.cgi interface, targeting the AddMac() function. The request must include the 'addMac' parameter with a crafted value that exploits the command injection flaw. Once the request is processed, the injected command will be executed on the router's operating system.
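The missing input validation described above can be closed with an allow-list check on the parameter. The following is an added example, not code from the Wavlink firmware or from this advisory: it assumes that 'addMac' is meant to carry a colon-separated MAC address, and the function names parse_mac and canonical_mac are hypothetical. The value handed to any later command is rebuilt from the parsed bytes, so no byte of the request reaches it unchanged.

```c
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse exactly "XX:XX:XX:XX:XX:XX"; extra bytes or metacharacters fail. */
int parse_mac(const char *s, unsigned char out[6])
{
    if (s == NULL || strlen(s) != 17)
        return -1;
    for (int i = 0; i < 6; i++) {
        int hi = hexval(s[3 * i]), lo = hexval(s[3 * i + 1]);
        if (hi < 0 || lo < 0 || (i < 5 && s[3 * i + 2] != ':'))
            return -1;
        out[i] = (unsigned char)(hi * 16 + lo);
    }
    return 0;
}

/* Validate an untrusted addMac value (assumed to be a MAC address) and
 * write a canonical copy built from the parsed bytes. dst needs 18 bytes. */
int canonical_mac(const char *untrusted, char *dst, size_t dstlen)
{
    unsigned char b[6];
    if (dstlen < 18 || parse_mac(untrusted, b) != 0)
        return -1;
    snprintf(dst, dstlen, "%02X:%02X:%02X:%02X:%02X:%02X",
             b[0], b[1], b[2], b[3], b[4], b[5]);
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the advisory. */
    const char *samples[] = { "00:1a:2b:3c:4d:5e", "00:1a:2b:3c:4d:5e;id", "001a2b3c4d5e" };
    char mac[18];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s -> %s\n", samples[i],
               canonical_mac(samples[i], mac, sizeof mac) == 0 ? mac : "rejected");
    return 0;
}
```

Even with this check in place, passing the validated value as a separate argument to an exec-style call, rather than building a shell command string, removes the shell from the path entirely.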