Product Information
Vendor: Shenzhen Jixiang Tengda Technology Co., Ltd.
Product: Router AC21
Affected Version: Latest Version (AC21 V1.0 V16.03.08.16)
Vulnerability Type: Stored Command Injection

Vulnerability Description
A critical stored command injection vulnerability was found in the affected endpoint, in the function that handles DMZ configuration. The function retrieves the request parameter and checks it with a helper that is not a strict validator, so an attacker can append shell commands to an otherwise valid value.

Vulnerability Location
(Corresponding function: )

Root Cause
1. Insufficient Input Validation (Frontend): the validation function accepts a value that begins with a valid IP address but fails to reject dangerous shell metacharacters or extra data following it.
2. Unsafe Backend Execution: the backend process reads the stored value back from NVRAM and places it directly into a system command string, so anything appended to the address is executed along with the intended command.

Impact
- Remote Code Execution (RCE): full root access to the router.
- Persistent Compromise: because the payload is stored in NVRAM, the injected commands are re-executed after a reboot.
- Network Interception: modification of firewall rules and interception of traffic.

Proof of Concept (PoC)
The vulnerability can be triggered by sending a crafted POST request with an injection payload in the affected parameter. An included Python script demonstrates the exploit execution.
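Defender-side illustration of the two root causes above and of the NVRAM persistence point under Impact, added here as an example; it is not the advisory's PoC script nor any vendor code. The lenient check is a hypothetical stand-in modelled on the description (the firmware's actual validator is not named on the page), the iptables argument vector is illustrative rather than the command the firmware runs, and the NVRAM dump is constructed.

```python
import ipaddress
import re
import subprocess
from typing import Dict, List

# Characters that /bin/sh interprets; none of them belongs in a DMZ host field.
SHELL_META = frozenset(";|&$`<>(){}\n\r'\"\\ \t")

# Hypothetical lenient check, modelled on the advisory's description of a
# validator that accepts a valid IP followed by extra data. The pattern is
# unanchored, so only the prefix is examined and trailing bytes pass.
LENIENT_IPV4 = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")


def lenient_is_ipv4(value: str) -> bool:
    """The defect: prefix match only, trailing data is never rejected."""
    return LENIENT_IPV4.match(value) is not None


def strict_is_ipv4(value: str) -> bool:
    """Whole string must be exactly one dotted-quad IPv4 address.

    ipaddress.IPv4Address raises on anything but four in-range decimal
    octets, so trailing bytes, whitespace and out-of-range octets all fail.
    The metacharacter screen is redundant with that, but it makes the
    intent explicit and gives a distinct reason to log.
    """
    if not value or any(ch in SHELL_META for ch in value):
        return False
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return True


def dmz_argv(host: str) -> List[str]:
    """Build the command as an argument vector, never as a shell string.

    The iptables rule is illustrative; the page does not state which command
    the firmware runs. With shell=False each element reaches the program as
    one literal argument, so a value containing ';' could not start a
    second command even if validation were bypassed.
    """
    if not strict_is_ipv4(host):
        raise ValueError(f"rejected DMZ host value: {host!r}")
    return ["iptables", "-t", "nat", "-A", "PREROUTING",
            "-j", "DNAT", "--to-destination", host]


def apply_dmz(host: str) -> subprocess.CompletedProcess:
    """Execute without a shell (a list argv with shell=False)."""
    return subprocess.run(dmz_argv(host), shell=False, check=False)


def audit_nvram(values: Dict[str, str]) -> List[str]:
    """Detection side: keys whose stored value carries shell metacharacters.

    Because the advisory's payload persists in NVRAM and is re-run on boot,
    a dump of the configuration store is where an existing compromise shows.
    """
    return sorted(k for k, v in values.items() if any(ch in SHELL_META for ch in v))


# Constructed NVRAM-style dump for the audit function; not from a real device.
SAMPLE_NVRAM = {
    "lan_ip": "192.168.0.1",
    "dmz_host": "192.168.0.50;touch /tmp/marker",
    "wan_dns": "8.8.8.8",
}

if __name__ == "__main__":
    for candidate in ("192.168.0.50", "192.168.0.50;touch /tmp/marker"):
        print(f"{candidate!r}: lenient={lenient_is_ipv4(candidate)} "
              f"strict={strict_is_ipv4(candidate)}")
    print("suspicious NVRAM keys:", audit_nvram(SAMPLE_NVRAM))
```

Running the block prints that the lenient check accepts both candidates while the strict one accepts only the bare address, and flags `dmz_host` in the constructed dump. The same two-layer approach applies in the firmware's own languages: an anchored parse on the web side and an argv-based exec on the backend, so that neither layer alone has to be perfect.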