CVE-2022-35524

Name of the Vulnerable Software and Affected Versions WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3

Description The issue is related to a lack of filtering on parameters in the adm.cgi file, which leads to command injection in the /wizard rep.shtml page. The affected parameters include wlan signal, web pskValue, sel EncrypTyp, sel Automode, wlan bssid, wlan ssid, and wlan channel.

Recommendations For WAVLINK WN572HP3, consider disabling access to the adm.cgi file until a patch is available. For WAVLINK WN533A8, restrict the use of the parameters wlan signal, web pskValue, sel EncrypTyp, sel Automode, wlan bssid, wlan ssid, and wlan channel in the adm.cgi file to minimize the risk of exploitation. For WAVLINK WN530H4, avoid using the /wizard rep.shtml page until the issue is resolved. For WAVLINK WN535G3, restrict access to the adm.cgi file to prevent command injection. For WAVLINK WN531P3, consider disabling the adm.cgi file until a fix is available.