CVE-2022-35536

Name of the Vulnerable Software and Affected Versions WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3

Description The issue is related to a lack of filtering on parameters: qos bandwith and qos dat in the qos.cgi file, which leads to command injection in the page /qos.shtml.

Recommendations For WAVLINK WN572HP3, consider disabling access to the /qos.shtml page until a patch is available. For WAVLINK WN533A8, restrict the use of the qos.cgi file to minimize the risk of exploitation. For WAVLINK WN530H4, avoid using the parameters qos bandwith and qos dat in the affected API endpoint until the issue is resolved. For WAVLINK WN535G3, restrict access to the vulnerable qos.cgi file to minimize the risk of exploitation. For WAVLINK WN531P3, consider disabling the qos.cgi file until a patch is available.