CVE-2022-35518

CVSS v3.1

4.6

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3

Description The issue is related to a lack of filtering on parameters: User1Passwd and User1 in the nas.cgi file, which leads to command injection in the /nas disk.shtml page.

Recommendations For WAVLINK WN572HP3, update the firmware to remove the vulnerability in the nas.cgi file. For WAVLINK WN533A8, update the firmware to remove the vulnerability in the nas.cgi file. For WAVLINK WN530H4, update the firmware to remove the vulnerability in the nas.cgi file. For WAVLINK WN535G3, update the firmware to remove the vulnerability in the nas.cgi file. For WAVLINK WN531P3, update the firmware to remove the vulnerability in the nas.cgi file.

Exploit

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2022-35518

Affected Products

Wavlink Wn530H4

Wavlink Wn531P3

Wavlink Wn533A8

Wavlink Wn535G3

Wavlink Wn572Hp3

CVE-2022-35518

Weakness Enumeration

Related Identifiers

Affected Products

References · 6