PT-2022-22881 · Wavlink · Wavlink Wn535G3+4
Published
2022-08-09
·
Updated
2023-08-08
·
CVE-2022-35519
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WAVLINK WN572HP3
WAVLINK WN533A8
WAVLINK WN530H4
WAVLINK WN535G3
WAVLINK WN531P3
Description
The issue concerns a lack of filtering on the
add mac parameter in the firewall.cgi, leading to command injection in the /cli black list.shtml page.Recommendations
For WAVLINK WN572HP3, update the firmware to remove the command injection vulnerability in the firewall.cgi.
For WAVLINK WN533A8, update the firmware to remove the command injection vulnerability in the firewall.cgi.
For WAVLINK WN530H4, update the firmware to remove the command injection vulnerability in the firewall.cgi.
For WAVLINK WN535G3, update the firmware to remove the command injection vulnerability in the firewall.cgi.
For WAVLINK WN531P3, update the firmware to remove the command injection vulnerability in the firewall.cgi.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wavlink Wn530H4
Wavlink Wn531P3
Wavlink Wn533A8
Wavlink Wn535G3
Wavlink Wn572Hp3