The ZTE MC801A is a 5g indoor WiFi router from China’s ZTE (ZTE). The ZTE MC801A suffers from an input validation vulnerability in the handling of multiple network parameters, which can be exploited by a remote attacker to submit a special request that can be used in the application context to execute arbitrary commands.