Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-35517

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml.

Published

2022-08-10T20:15:54.587

Last Modified

2024-11-21T07:11:16.683

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	wavlink	wn572hp3_firmware	-	Yes
Hardware	wavlink	wn572hp3	-	No
Operating System	wavlink	wn533a8_firmware	-	Yes
Hardware	wavlink	wn533a8	-	No
Operating System	wavlink	wn530h4_firmware	-	Yes
Hardware	wavlink	wn530h4	-	No
Operating System	wavlink	wn535g3_firmware	-	Yes
Hardware	wavlink	wn535g3	-	No
Operating System	wavlink	wn531p3_firmware	-	Yes
Hardware	wavlink	wn531p3	-	No

References

https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wizard_router_meshshtml-command-injection-in-admcgi Exploit, Third Party Advisory ([email protected])
https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wizard_router_meshshtml-command-injection-in-admcgi Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)