PT-2022-22891 · Wavlink · Wavlink Wn535G3+4
Published
2022-08-09
·
Updated
2023-08-08
·
CVE-2022-35533
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WAVLINK WN572HP3
WAVLINK WN533A8
WAVLINK WN530H4
WAVLINK WN535G3
WAVLINK WN531P3
Description
The issue affects the qos.cgi page, specifically the /qos.shtml endpoint, where the
cli list and cli num parameters have no filtering, leading to command injection.Recommendations
For WAVLINK WN572HP3, update the firmware to remove the vulnerability in the qos.cgi page.
For WAVLINK WN533A8, update the firmware to remove the vulnerability in the qos.cgi page.
For WAVLINK WN530H4, update the firmware to remove the vulnerability in the qos.cgi page.
For WAVLINK WN535G3, update the firmware to remove the vulnerability in the qos.cgi page.
For WAVLINK WN531P3, update the firmware to remove the vulnerability in the qos.cgi page.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wavlink Wn530H4
Wavlink Wn531P3
Wavlink Wn533A8
Wavlink Wn535G3
Wavlink Wn572Hp3