PT-2022-16941 · Wavlink · Wavlink Wn535K2+1

Published 2022-07-20 · Updated 2022-07-26 · CVE-2022-2487

CVSS v3.1: 8.0 (High)

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WAVLINK WN535K2
WAVLINK WN535K3

Description

A critical issue has been identified, affecting the /cgi-bin/nightled.cgi file. Manipulation of the start hour argument leads to OS command injection. The exploit has been disclosed to the public and may be used.

Recommendations

For WAVLINK WN535K2, restrict access to the /cgi-bin/nightled.cgi file to minimize the risk of exploitation. For WAVLINK WN535K3, avoid using the start hour argument in the affected API endpoint until the issue is resolved. As a temporary workaround, consider disabling the nightled.cgi functionality until a patch is available.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2022-2487

Affected Products

Wavlink Wn535K2
Wavlink Wn535G3