wpa-mcp

The `browser_run_script` tool, which executes Playwright automation scripts, uses `import(scriptUrl)` where `scriptUrl` is constructed from user-provided `script_name` without robust path traversal validation. This poses a critical arbitrary code execution vulnerability if an attacker can craft the `script_name` parameter to point to a malicious JavaScript file on the server. Additionally, Playwright is launched with `--no-sandbox` which disables important security isolation mechanisms, increasing the risk when interacting with untrusted web content. Many core functionalities (e.g., `wpa_cli`, `dhclient`, `ip`, `pkill`) are executed with `sudo` privileges, making the application a high-privilege target. Any successful command injection would lead to system-level compromise. While some input quoting is present, the extensive use of `execAsync` and `spawn` with `sudo` presents a large attack surface. The server listens on `0.0.0.0` by default, exposing its API to the network, which requires careful firewall configuration.