A vulnerability in adm.cgi of WAVLINK WN535 G3 M35G3R.V5030.180927 allows malicious users to execute arbitrary code via a crafted POST request.
wavlink wn535g3_firmware m35g3r.v5030.180927