Name of the Vulnerable Software and Affected Versions:

PowerStick Wave Dual-Band Wifi Extender version 1.0

Description:

An authenticated remote code execution issue in PowerStick Wave Dual-Band Wifi Extender version 1.0 allows an attacker with valid credentials to execute arbitrary commands with root privileges. The issue is due to insufficient sanitization of user-supplied input in the `/cgi-bin/cgi vista.cgi` executable, which is passed to a system-level function call.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.