0x01 Vulnerability description
an issue was discovered on WAVLINK WN535 G3 devices,Firmware package version M35G3R.V5030.180927,where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time
0x02 Affected version
WAVLINK WN535 G3
0x03 Vulnerability
In adm.cgi, the received POST is directly spliced to the system function for execution
0x04 PoC verification
0x05 Acknowledgement
PeiWen.Huang


