Below listed vulnerabilities enable an anonymous unauthorized attacker to gain access of network troubleshooting page (ping.cgi) on wireless router and inject commands to compromise full system/network.
1) Bypass authentication and gain unauthorized access vulnerability - CVE-2015-6023
2) Command injection vulnerability - CVE-2016-6024
Vulnerable module/page/application: ping.cgi
Vulnerable parameter: DIA_IPADDRESS
PoC URL: http(s)://<victim_IP>/ping.cgi?DIA_IPADDRESS=126.96.36.199;cat%20/etc/passwd