CVE-2022-30489

Name of the Vulnerable Software and Affected Versions WAVLINK WN535 G3 (affected versions not specified)

Description The issue exists due to inadequate protection of the web page structure in the /cgi-bin/login.cgi component of the WAVLINK WN535 G3 WiFi repeater's firmware. This allows a remote attacker to conduct a cross-site scripting (XSS) attack via the hostname parameter at the "/cgi-bin/login.cgi" API endpoint.

Recommendations As a temporary workaround, consider restricting access to the "/cgi-bin/login.cgi" API endpoint until a patch is available. Avoid using the hostname parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.