ProLink PRC2402M is a router from ProLink Singapore. A command injection vulnerability exists in the set_ledonoff function in the adm.cgi binary file of ProLink PRC2402M 1.0.18 and prior versions. An attacker can exploit this vulnerability to cause command injection by passing the led_cmd parameter value directly to do_system.