Stellar Lab

**Name of the Vulnerable Software and Affected Versions** WAVLINK WN530H4 versions up to 20221028 WAVLINK WN530HG4 versions up to 20221028 WAVLINK WN572HG3 versions up to 20221028 **Description** A critical issue affects the `set ipv6` function of the `firewall.cgi` file, where manipulation of the `dhcpGateway` argument leads to command injection. This issue can be initiated remotely. The vendor was contacted about the disclosure but did not respond. **Recommendations** For WAVLINK WN530H4 versions up to 20221028, consider disabling the `set ipv6` function in the `firewall.cgi` file as a temporary workaround until a patch is available. For WAVLINK WN530HG4 versions up to 20221028, consider disabling the `set ipv6` function in the `firewall.cgi` file as a temporary workaround until a patch is available. For WAVLINK WN572HG3 versions up to 20221028, consider disabling the `set ipv6` function in the `firewall.cgi` file as a temporary workaround until a patch is available. Avoid using the `dhcpGateway` argument in the affected `firewall.cgi` file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WAVLINK WN530H4 versions up to 20221028 WAVLINK WN530HG4 versions up to 20221028 WAVLINK WN572HG3 versions up to 20221028 **Description** A critical vulnerability has been found, affecting the function `set ipv6` of the file `internet.cgi`. The manipulation of the arguments `IPv6OpMode`, `IPv6IPAddr`, `IPv6WANIPAddr`, and `IPv6GWAddr` leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For WAVLINK WN530H4 versions up to 20221028, consider disabling the `set ipv6` function in the `internet.cgi` file until a patch is available. For WAVLINK WN530HG4 versions up to 20221028, consider disabling the `set ipv6` function in the `internet.cgi` file until a patch is available. For WAVLINK WN572HG3 versions up to 20221028, consider disabling the `set ipv6` function in the `internet.cgi` file until a patch is available. As a temporary workaround, avoid using the arguments `IPv6OpMode`, `IPv6IPAddr`, `IPv6WANIPAddr`, and `IPv6GWAddr` in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WAVLINK WN530H4 versions up to 20221028 WAVLINK WN530HG4 versions up to 20221028 WAVLINK WN572HG3 versions up to 20221028 **Description** A critical issue affects the function `ping ddns` of the file `internet.cgi`. The manipulation of the argument `DDNS` leads to command injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For WAVLINK WN530H4 versions up to 20221028, consider disabling the `ping ddns` function until a patch is available. For WAVLINK WN530HG4 versions up to 20221028, restrict access to the `internet.cgi` file to minimize the risk of exploitation. For WAVLINK WN572HG3 versions up to 20221028, avoid using the `DDNS` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WAVLINK WN530H4, WN530HG4, and WN572HG3 versions up to 20221028 **Description** A critical issue affects the Front-End Authentication Page, specifically the function `Goto chidx` of the file `login.cgi`. The manipulation of the argument `wlanUrl` leads to a stack-based buffer overflow. This issue can only be exploited within the local network. The exploit has been publicly disclosed, and the vendor was notified but did not respond. **Recommendations** For WAVLINK WN530H4, WN530HG4, and WN572HG3 versions up to 20221028, as a temporary workaround, consider disabling the `Goto chidx` function until a patch is available. Restrict access to the `login.cgi` file to minimize the risk of exploitation. Avoid using the `wlanUrl` argument in the affected authentication page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.