Key Information Vulnerability Overview Vulnerability Name: WAVLINK WL-WN578W2 M78W2 V221110 Unauthorized Command Injection (firewall.cgi) Vendor: WAVLINK Product: WAVLINK WL-WN578W2 (Wireless Range Extender) Firmware Version: M78W2_V221110 Affected Endpoint: /cgi-bin/firewall.cgi (POST method) Vulnerability Details Vulnerability Type: Unauthorized Command Injection CVE ID: Pending Impact: Attackers can execute arbitrary commands without authentication (e.g., tampering with sensitive data, implanting persistent backdoors, modifying device configurations) Reporter: nipotsec (nipotsec@gmail.com) Technical Analysis Root Cause: - The function lacks authentication checks. - The function improperly handles parameters, allowing unfiltered special characters (such as and ) to be directly concatenated into system command strings. Proof of Concept (PoC) Netcat Listener Setup: Unauthorized POST Request Example: Summary This vulnerability allows attackers to execute arbitrary commands by sending a specially crafted POST request, without requiring authentication, thereby achieving full control over the device. Users are advised to update their firmware promptly or implement other security measures to prevent exploitation.