Wavlink NU516U1 Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A command injection vulnerability has been identified in the Wavlink NU516U1 USB Network Printer Server, specifically in the function 'advance' of the '/cgi-bin/wireless.cgi' file. This vulnerability allows remote attackers to execute arbitrary operating system commands by manipulating the 'wlan_conf', 'Channel', 'skiplist', and 'ieee_80211h' parameters. The issue arises from the parameters being directly passed to the function without proper validation, enabling exploitation through crafted requests.

Impact

Exploitation of this vulnerability leads to unauthorized execution of operating system commands on the affected device, potentially allowing for further system compromise.

Reproduction

To reproduce this vulnerability, send a POST request to '/cgi-bin/wireless.cgi' with the 'wlan_conf' parameter set to a command payload, such as 'telnetd -l /bin/sh -p 8894'. The device will execute the command, providing shell access through the specified port.
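
A defender-side check for the request described above, added here as an example and not code from Wavlink or from this advisory: it decodes POST bodies sent to '/cgi-bin/wireless.cgi' and flags values of the four named parameters that fall outside an allowlist. The per-parameter patterns, the function name flag_wireless_cgi and the sample requests are assumptions; tighten the patterns to what the device's own web UI actually sends.

```python
import re
from urllib.parse import parse_qsl, urlsplit

TARGET_PATH = "/cgi-bin/wireless.cgi"

# Assumed value formats (not taken from the advisory or the firmware).
ALLOWED = {
    "wlan_conf": re.compile(r"[A-Za-z0-9_.-]{1,32}"),  # short config token
    "Channel": re.compile(r"[0-9]{1,3}"),              # channel number
    "skiplist": re.compile(r"[0-9,]{0,64}"),           # comma-separated channels
    "ieee_80211h": re.compile(r"[01]"),                # on/off flag
}


def flag_wireless_cgi(method, url, body):
    """Return (name, decoded_value) pairs that fail the allowlist.

    Only POST requests to TARGET_PATH are inspected. The body is
    form-decoded first, so percent-encoded or '+'-encoded payloads are
    checked in the form the CGI would receive them.
    """
    if method.upper() != "POST" or urlsplit(url).path != TARGET_PATH:
        return []
    hits = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        pattern = ALLOWED.get(name)
        if pattern is not None and not pattern.fullmatch(value):
            hits.append((name, value))
    return hits


# Constructed sample requests: (method, url, form body).
SAMPLES = [
    ("POST", "/cgi-bin/wireless.cgi",
     "wlan_conf=2860&Channel=6&skiplist=12,13&ieee_80211h=0"),
    # Built from the payload quoted in the Reproduction section.
    ("POST", "/cgi-bin/wireless.cgi",
     "wlan_conf=telnetd+-l+%2Fbin%2Fsh+-p+8894&Channel=6"),
    ("GET", "/cgi-bin/wireless.cgi", ""),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, url, flag_wireless_cgi(method, url, body))
```

A value that is a single allowlisted token still passes, so this is a detection aid for a proxy or log pipeline, not a substitute for fixing input handling on the device.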

Added: May 10, 2026, 5:17 AM
Updated: May 10, 2026, 5:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 7.9
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.