Key Information Overview Vendor: Wavlink Product: NUS16U1 Version: M16U1_V240425 Type: Command Injection Vulnerability Description Wavlink NUS16U1 M16U1_V240425 has been found to contain a command injection vulnerability via the parameter in the function within the file. Vulnerability Details 1. In the function, the value of the parameter is retrieved from user input. 2. Setting the parameter to triggers the call to the function. 3. Within the function, the parameter is retrieved via POST request and assigned to the variable . 4. The variable is ultimately passed to the function for execution. POC