Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-35524

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml.

Published

2022-08-10T20:15:56.097

Last Modified

2024-11-21T07:11:17.767

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	wavlink	wn572hp3_firmware	-	Yes
Hardware	wavlink	wn572hp3	-	No
Operating System	wavlink	wn533a8_firmware	-	Yes
Hardware	wavlink	wn533a8	-	No
Operating System	wavlink	wn530h4_firmware	-	Yes
Hardware	wavlink	wn530h4	-	No
Operating System	wavlink	wn535g3_firmware	-	Yes
Hardware	wavlink	wn535g3	-	No
Operating System	wavlink	wn531p3_firmware	-	Yes
Hardware	wavlink	wn531p3	-	No

References

https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wizard_repshtml-command-injection-in-admcgi Exploit, Third Party Advisory ([email protected])
https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wizard_repshtml-command-injection-in-admcgi Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)