PT-2022-22886 · Wavlink · Wavlink Wn535G3+4
Published
2022-08-09
·
Updated
2023-08-08
·
CVE-2022-35523
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WAVLINK WN572HP3
WAVLINK WN533A8
WAVLINK WN530H4
WAVLINK WN535G3
WAVLINK WN531P3
Description
The issue concerns a lack of filtering on the
del mac and flag parameters in the firewall.cgi, leading to command injection in the /cli black list.shtml page.Recommendations
For WAVLINK WN572HP3, update the firmware to remove the vulnerability in the firewall.cgi.
For WAVLINK WN533A8, update the firmware to remove the vulnerability in the firewall.cgi.
For WAVLINK WN530H4, update the firmware to remove the vulnerability in the firewall.cgi.
For WAVLINK WN535G3, update the firmware to remove the vulnerability in the firewall.cgi.
For WAVLINK WN531P3, update the firmware to remove the vulnerability in the firewall.cgi.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wavlink Wn530H4
Wavlink Wn531P3
Wavlink Wn533A8
Wavlink Wn535G3
Wavlink Wn572Hp3