0x01 Vulnerability description
an issue was discovered on WAVLINK AERIAL X 1200M devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time
0x02 Affected version
WAVLINK AERIAL X 1200M
0x03 Vulnerability
In adm.cgi, the received POST is directly spliced to the system function for execution
0x04 PoC verification
0x05 Acknowledgement
PeiWen.Huang
Yuyu.Cao
Shengjie.Xu


