CVE-2023-31198 in AC-PD-WAPU

Summary

by MITRE • 06/13/2023

An OS command injection vulnerability exists in Wi-Fi AP UNIT. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege can execute an arbitrary OS command. Affected products and versions are as follows: AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPUM-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B07 and earlier.

Analysis

by VulDB Data Team • 12/24/2025

This vulnerability represents a critical operating system command injection flaw within Wi-Fi access point firmware products manufactured by the affected vendor. The vulnerability exists in the administrative interface of these devices, specifically in how the system processes user input when executing administrative commands. The flaw allows an attacker who has already established administrative credentials to inject malicious operating system commands through improperly sanitized input fields within the device management interface. This represents a severe privilege escalation vulnerability that transforms a legitimate administrative account into a full system compromise vector.

The technical nature of this vulnerability aligns with CWE-77 and CWE-88, which specifically address command injection flaws where user-supplied data is directly incorporated into operating system commands without proper sanitization or validation. The vulnerability occurs at the point where administrative commands are processed, likely in the web application layer that handles configuration changes, diagnostics, or system management functions. Attackers can exploit this by crafting malicious input that, when processed by the device's command execution engine, results in arbitrary code execution on the underlying operating system. This typically involves injection of shell metacharacters or command separators that bypass normal input validation mechanisms.
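
The difference between the two CWE classes named above, as an added example that is not taken from the vendor's firmware or from VulDB: a hypothetical diagnostics handler that runs ping on an administrator-supplied host. The function names, the `/bin/ping` path and the allow-list are assumptions. Dropping the shell removes CWE-77, but the leading-character check and `--` are still needed against CWE-88.

```c
/* Hypothetical diagnostics "ping" handler; constructed example, not vendor code. */
#include <ctype.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern (CWE-77), kept as a comment only:
 *   snprintf(cmd, sizeof cmd, "ping -c 1 %s", host); system(cmd);
 * The shell re-parses host, so separators and substitutions in it execute. */

/* Allow-list: 1..253 chars of [A-Za-z0-9.-], first char alphanumeric.
 * No metacharacters or whitespace (CWE-77); no leading '-' (CWE-88). */
int valid_host(const char *h)
{
    size_t n = h ? strlen(h) : 0;
    if (n == 0 || n > 253 || !isalnum((unsigned char)h[0]))
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)h[i]) && h[i] != '.' && h[i] != '-')
            return 0;
    return 1;
}

/* Build a fixed argv; "--" ends option parsing so host is only an operand.
 * Returns 0 on success, -1 if host fails validation. */
int build_ping_argv(const char *host, const char *argv[6])
{
    if (!valid_host(host))
        return -1;
    argv[0] = "ping"; argv[1] = "-c"; argv[2] = "1";
    argv[3] = "--";   argv[4] = host; argv[5] = NULL;
    return 0;
}

/* Execute without a shell. /bin/ping is an assumed path. */
int run_ping(const char *host)
{
    const char *argv[6];
    int status;
    if (build_ping_argv(host, argv) != 0) return -1;   /* rejected input */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execv("/bin/ping", (char *const *)argv); _exit(127); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    return argc == 2 ? run_ping(argv[1]) : 2;
}
```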

The operational impact of this vulnerability is substantial as it enables remote authenticated attackers with administrative privileges to execute arbitrary commands on the affected devices. This compromise allows attackers to gain complete control over the affected Wi-Fi access points, potentially enabling them to modify network configurations, redirect traffic, install malware, or establish persistent backdoors. The attack surface is particularly concerning because these devices are typically deployed in network infrastructure environments where they serve as critical access points for wireless connectivity, making them attractive targets for attackers seeking to establish persistent network access or conduct advanced persistent threat operations.

The vulnerability affects multiple variants of the vendor's Wi-Fi access point products including various models under the AC-PD-WAPU, AC-PD-WAPUM, AC-WAPU-300, and AC-WAPUM-300 series, all running firmware versions up to and including v1.05_B04 or v1.00_B07 respectively. This widespread impact across multiple product lines suggests a fundamental flaw in the input validation implementation within the administrative interface code. The vulnerability maps to several ATT&CK techniques including T1059.001 for command and scripting interpreter execution and T1566.001 for credential access through network infrastructure components.

Organizations should immediately implement network segmentation to limit access to these devices, ensure only authorized administrative personnel have access, and monitor for unusual network activity that might indicate exploitation attempts. Firmware updates from the vendor should be deployed immediately to remediate this vulnerability, as the attack requires only administrative credentials to exploit, making it particularly dangerous in environments where administrative accounts may be compromised through other means.

Reservation

05/11/2023

Disclosure

06/13/2023

Moderation

accepted

CPE

ready

EPSS

0.01476

KEV

no

Activities

very low
