Summermu

**Name of the Vulnerable Software and Affected Versions** Wavlink WN535K3 version 20191010 **Description** The Wavlink WN535K3 router contains a command injection vulnerability in the `set sys cmd` function through the `command` parameter. This allows attackers to execute arbitrary commands via a crafted request. **Recommendations** As a temporary workaround, consider disabling the `set sys cmd` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Wavlink WN535K3 version 20191010 **Description** A command injection vulnerability exists in the `set sys adm` function of the Wavlink WN535K3 router. The vulnerability is triggered through manipulation of the `username` parameter, allowing attackers to execute arbitrary commands via a crafted request. **Recommendations** As a temporary workaround, restrict access to the `set sys adm` function until a patch is available. Avoid using the `username` parameter in requests to the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Wavlink WL-WN530H4 version 20220801 **Description** The issue is related to a command injection vulnerability in the `ping test` function of the `adm.cgi` via the `pingIp` parameter. This allows attackers to execute arbitrary commands via a crafted request to the API endpoint `/adm.cgi`. **Recommendations** For Wavlink WL-WN530H4 version 20220801, as a temporary workaround, consider disabling the `ping test` function until a patch is available. Restrict access to the `adm.cgi` module to minimize the risk of exploitation. Avoid using the `pingIp` parameter in the affected API endpoint until the issue is resolved.