CVE-2022-35538

Name of the Vulnerable Software and Affected Versions WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3

Description The issue is related to the wireless.cgi file, which has no filtering on parameters: delete list, delete al mac, b delete list, and b delete al mac. This lack of filtering leads to command injection in the page /wifi mesh.shtml.

Recommendations For WAVLINK WN572HP3, consider disabling access to the /wifi mesh.shtml page until a patch is available. For WAVLINK WN533A8, restrict the use of parameters delete list, delete al mac, b delete list, and b delete al mac in the wireless.cgi file. For WAVLINK WN530H4, avoid using the vulnerable parameters in the affected API endpoint until the issue is resolved. For WAVLINK WN535G3, restrict access to the wireless.cgi file to minimize the risk of exploitation. For WAVLINK WN531P3, consider disabling the wireless.cgi file until a patch is available.