PT-2025-18789 · Wavlink · Wavlink Wl-Wn530Hg4
Summermu · Published 2025-04-11 · Updated 2025-06-13
CVE-2025-44868
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Wavlink WL-WN530H4 version 20220801
Description
A command injection vulnerability exists in the ping test function of adm.cgi, reachable through the pingIp parameter. It allows attackers to execute arbitrary commands via a crafted request to the API endpoint /adm.cgi.
Recommendations
For Wavlink WL-WN530H4 version 20220801, as a temporary workaround, consider disabling the ping test function until a patch is available. Restrict access to the adm.cgi module to minimize the risk of exploitation. Avoid using the pingIp parameter in the affected API endpoint until the issue is resolved.
Exploit
Fix
Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Wavlink Wl-Wn530Hg4