CVE-2022-35534

Name of the Vulnerable Software and Affected Versions WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3

Description The issue is related to a lack of filtering on the hiddenSSID32g and SSID2G2 parameters in the wireless.cgi file, which leads to command injection in the /wifi multi ssid.shtml page.

Recommendations For WAVLINK WN572HP3, consider disabling access to the /wifi multi ssid.shtml page until a patch is available. For WAVLINK WN533A8, restrict the use of the hiddenSSID32g and SSID2G2 parameters in the wireless.cgi file. For WAVLINK WN530H4, avoid using the vulnerable parameters in the affected API endpoint until the issue is resolved. For WAVLINK WN535G3, temporarily disable the wireless.cgi file to prevent command injection. For WAVLINK WN531P3, restrict access to the vulnerable page /wifi multi ssid.shtml to minimize the risk of exploitation.