From this webpage screenshot, the following key vulnerability information can be extracted: Vulnerability Overview Product: WAVLINK NUS16U-wireless Tag: Binary Category: IoT TOC Number: true Date: 2025/8/1 11:20:53 Vulnerability Description WAVLINK is a company specializing in network equipment and solutions, offering products such as routers, extenders, and bridges. The firmware of the WAVLINK NUS16U1 model contains a command injection vulnerability. Attackers can exploit this vulnerability by sending specially crafted requests to execute arbitrary commands. Code Audit The program was analyzed using . In the function, when receiving the user-submitted parameter, the function is called for processing. Inside , if the field is set to a specific value, the program proceeds to call . Within , the value of the parameter is concatenated into a command string and executed via the function, resulting in a command injection vulnerability. POC (Proof of Concept) Key Points Summary Vulnerability Type: Command Injection Affected Version: WAVLINK NUS16U1 firmware Attack Method: Sending a specially crafted HTTP POST request, exploiting the parameter to inject commands Risk: Attackers can execute arbitrary system commands, potentially leading to further security risks