Wavlink NU516U1 Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A command injection vulnerability has been identified in the Wavlink NU516U1 USB Network Printer Server, specifically in the M16U1_V240425 firmware. The issue arises in the 'wifi_region' function of the '/cgi-bin/adm.cgi' file, where the 'skiplist1' and 'skiplist2' arguments can be manipulated to execute arbitrary operating system commands. This vulnerability can be exploited remotely, and a proof of concept is publicly available.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device.

Reproduction

To reproduce this vulnerability, send a POST request to '/cgi-bin/adm.cgi' with the 'page' parameter set to 'wifi_region'. Include a crafted 'skiplist1' value that contains the desired command, such as 'telnetd -l /bin/sh -p 8891'. The device will execute the command, providing shell access through the specified port.
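
A detection check for the request described above, as an added example that is not part of the original advisory or the vendor's code. It assumes form-encoded POST bodies are available from a proxy or packet capture and that legitimate skiplist values contain only digits, commas and semicolons; both are assumptions, and the function names and sample requests are constructed.

```python
import re
from urllib.parse import parse_qs

# Assumption: legitimate skiplist values are short channel lists made of
# digits separated by ',' or ';'. Adjust to what your devices really send.
SAFE_VALUE = re.compile(r"[0-9,;]{0,64}")
WATCHED = ("skiplist1", "skiplist2")  # parameters named in the advisory


def suspicious_fields(path, body):
    """Return the watched parameters whose values fall outside the allowlist."""
    # Only the endpoint and page value named in the advisory are in scope.
    if not path.split("?", 1)[0].endswith("/cgi-bin/adm.cgi"):
        return []
    form = parse_qs(body, keep_blank_values=True)
    if "wifi_region" not in form.get("page", []):
        return []
    hits = []
    for name in WATCHED:
        # Check every occurrence, so a repeated parameter cannot hide a bad value.
        if any(not SAFE_VALUE.fullmatch(v) for v in form.get(name, [])):
            hits.append(name)
    return hits


# Constructed sample requests: (path, form-encoded POST body).
SAMPLES = [
    ("/cgi-bin/adm.cgi", "page=wifi_region&skiplist1=12%3B13&skiplist2=14"),
    ("/cgi-bin/adm.cgi", "page=wifi_region&skiplist1=telnetd+-l+%2Fbin%2Fsh+-p+8891"),
    ("/cgi-bin/adm.cgi", "page=sysinit&skiplist1=abc"),
    ("/cgi-bin/login.cgi", "page=wifi_region&skiplist2=abc"),
]


def scan(samples):
    """Return (path, flagged_fields) for each request that should raise an alert."""
    results = []
    for path, body in samples:
        fields = suspicious_fields(path, body)
        if fields:
            results.append((path, fields))
    return results


if __name__ == "__main__":
    for path, fields in scan(SAMPLES):
        print(f"ALERT {path}: unexpected value in {', '.join(fields)}")
```

An allowlist is used instead of a list of shell metacharacters because the advisory does not state which characters the firmware mishandles.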

Added: May 9, 2026, 7:18 PM
Updated: May 9, 2026, 7:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 7.8
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.