CVE-2022-2486

Name of the Vulnerable Software and Affected Versions WAVLINK WN535K2 WAVLINK WN535K3

Description A critical issue was found in the file /cgi-bin/mesh.cgi?page=upgrade, where the manipulation of the key argument leads to os command injection. The exploit has been disclosed to the public and may be used.

Recommendations For WAVLINK WN535K2, as a temporary workaround, consider restricting access to the /cgi-bin/mesh.cgi?page=upgrade endpoint until a patch is available. For WAVLINK WN535K3, as a temporary workaround, consider restricting access to the /cgi-bin/mesh.cgi?page=upgrade endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.