Wavlink NU516U1 OS Command Injection Vulnerability

Vulnerability

An OS command injection vulnerability has been identified in the Wavlink NU516U1 USB Network Printer Server, specifically in the wzdapMesh function of the /cgi-bin/adm.cgi file. This vulnerability allows remote attackers to execute arbitrary operating system commands by manipulating certain parameters. The issue arises because the device's firmware version M16U1_V240425 does not properly sanitize input before processing it, leaving the system open to exploitation.

Impact

Exploitation of this vulnerability leads to unauthorized execution of operating system commands, potentially allowing for further system compromise.

Reproduction

To reproduce this vulnerability, send a POST request to the /cgi-bin/adm.cgi endpoint with the wzdapMesh page parameter. Include crafted values for the ppp_username and ppp_passwd fields, along with other required network configuration parameters. The device will execute the command injected into the ppp_username field, such as starting a telnet daemon with a shell on a specified port.
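For defenders, the request shape described above can be matched in proxy or WAF logs. The following detection sketch is an added example, not code from the vendor or from this advisory's author; it assumes the handler is selected by a form field named page, and the sample requests (including the page value sysinfo and the address 192.0.2.10) are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Fields the advisory names as carrying the crafted values.
WATCHED_FIELDS = ("ppp_username", "ppp_passwd")
# Characters a shell treats as separators, substitution or redirection.
SHELL_META = re.compile(r"[;&|`$<>\n\r]")
# Assumption: the wzdapMesh handler is selected by a form field named "page".
PAGE_FIELD = "page"


def inspect_request(method, url, body):
    """Return (field, decoded value) pairs that look like command injection
    aimed at the wzdapMesh handler of /cgi-bin/adm.cgi; empty list if none."""
    if method.upper() != "POST":
        return []
    if urlsplit(url).path.rstrip("/") != "/cgi-bin/adm.cgi":
        return []
    # parse_qs percent-decodes, so encoded metacharacters (%3B, %60) are caught.
    form = parse_qs(body, keep_blank_values=True)
    if "wzdapMesh" not in form.get(PAGE_FIELD, []):
        return []
    hits = []
    for field in WATCHED_FIELDS:
        for value in form.get(field, []):
            if SHELL_META.search(value):
                hits.append((field, value))
    return hits


# Constructed sample requests (method, URL, form-encoded body).
SAMPLES = [
    ("POST", "http://192.0.2.10/cgi-bin/adm.cgi",
     "page=wzdapMesh&ppp_username=user%3Bid&ppp_passwd=secret"),
    ("POST", "http://192.0.2.10/cgi-bin/adm.cgi",
     "page=wzdapMesh&ppp_username=alice&ppp_passwd=S3cret-pass"),
    ("POST", "http://192.0.2.10/cgi-bin/adm.cgi",
     "page=sysinfo&ppp_username=user%3Bid"),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        hits = inspect_request(method, url, body)
        print("ALERT" if hits else "ok", url, hits)
```

Legitimate passwords containing characters such as $ or & will also match, so treat hits on ppp_passwd as leads to review rather than confirmed exploitation.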

Added: May 10, 2026, 5:19 AM
Updated: May 10, 2026, 5:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 8.0
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.