CVE-2022-35522

Name of the Vulnerable Software and Affected Versions WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3

Description The issue is related to a lack of filtering on certain parameters in the adm.cgi file, specifically ppp username, ppp passwd, rwan gateway, rwan mask, and rwan ip. This lack of filtering leads to command injection in the /wan.shtml page.

Recommendations For WAVLINK WN572HP3, update the firmware to remove the vulnerability in the adm.cgi file by filtering parameters ppp username, ppp passwd, rwan gateway, rwan mask, and rwan ip. For WAVLINK WN533A8, update the firmware to remove the vulnerability in the adm.cgi file by filtering parameters ppp username, ppp passwd, rwan gateway, rwan mask, and rwan ip. For WAVLINK WN530H4, update the firmware to remove the vulnerability in the adm.cgi file by filtering parameters ppp username, ppp passwd, rwan gateway, rwan mask, and rwan ip. For WAVLINK WN535G3, update the firmware to remove the vulnerability in the adm.cgi file by filtering parameters ppp username, ppp passwd, rwan gateway, rwan mask, and rwan ip. For WAVLINK WN531P3, update the firmware to remove the vulnerability in the adm.cgi file by filtering parameters ppp username, ppp passwd, rwan gateway, rwan mask, and rwan ip.