CVE-2022-35525

Name of the Vulnerable Software and Affected Versions WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3

Description The issue concerns a lack of filtering on the led switch parameter in the adm.cgi file, which can lead to command injection when accessing the /ledonoff.shtml page.

Recommendations For WAVLINK WN572HP3, consider disabling access to the /ledonoff.shtml page until a fix is available. For WAVLINK WN533A8, restrict the use of the adm.cgi file to prevent command injection. For WAVLINK WN530H4, avoid using the led switch parameter in the adm.cgi file. For WAVLINK WN535G3, limit access to the adm.cgi file to minimize the risk of exploitation. For WAVLINK WN531P3, as a temporary workaround, consider disabling the adm.cgi file until a patch is available.