Wavlink WN579A3 Multi SSID Vulnerability Overview Vendor: Wavlink Product: WL-WN579A3 Version: 20210219 Type: Command Injection Vulnerability Description A vulnerability has been found in Wavlink WL-WN579A3 version 20210219. The vulnerability can be triggered through the route . Manipulating the argument leads to command injection, allowing remote execution. Vulnerability Details In the function, the value of the parameter is obtained via a POST request. This value is then passed to the variable through the function, which is later passed to the function, enabling command injection. PoC (Proof of Concept) Key Takeaways The vulnerability allows remote command execution via manipulative input to the parameter. The provided PoC demonstrates the potential for arbitrary command execution by injecting shell commands.