CVE-2022-35535

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3

Description The issue is related to the lack of filtering on the macAddr parameter in the wireless.cgi file, which leads to command injection in the /wifi mesh.shtml page.

Recommendations For WAVLINK WN572HP3, consider disabling access to the /wifi mesh.shtml page until a patch is available. For WAVLINK WN533A8, restrict the use of the macAddr parameter in the wireless.cgi file to minimize the risk of exploitation. For WAVLINK WN530H4, avoid using the vulnerable wireless.cgi file until the issue is resolved. For WAVLINK WN535G3, restrict access to the wireless.cgi file to prevent command injection. For WAVLINK WN531P3, consider disabling the wireless.cgi file until a fix is provided.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2022-35535

Affected Products

Wavlink Wn530H4

Wavlink Wn531P3

Wavlink Wn533A8

Wavlink Wn535G3

Wavlink Wn572Hp3

CVE-2022-35535

Related Identifiers

Affected Products

References · 4