Wavlink NU516U1 Command Injection Vulnerability in Wireless CGI Delete Mac List Page

A command injection vulnerability has been identified in the Wavlink NU516U1 router, specifically in the firmware version M16U1_V240425. The issue arises in the '/cgi-bin/wireless.cgi' file, within the 'Delete_Mac_list' page. The vulnerability is triggered by manipulating the 'delete_list' parameter, which is processed by the 'sub_4030C0' function. This exploitation allows for arbitrary command execution on the device.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device.

Reproduction

To reproduce this vulnerability, send a POST request to '/cgi-bin/wireless.cgi' with the 'page' parameter set to 'Delete_Mac_list' and the 'delete_list' parameter containing the payload for the command to be executed. The request can be made using a web browser or a tool like curl, ensuring that the 'Content-Type' is set to 'application/x-www-form-urlencoded'.