Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-35536

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml.

Published

2022-08-10T20:15:57.453

Last Modified

2024-11-21T07:11:18.760

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	wavlink	wn572hp3_firmware	-	Yes
Hardware	wavlink	wn572hp3	-	No
Operating System	wavlink	wn533a8_firmware	-	Yes
Hardware	wavlink	wn533a8	-	No
Operating System	wavlink	wn530h4_firmware	-	Yes
Hardware	wavlink	wn530h4	-	No
Operating System	wavlink	wn535g3_firmware	-	Yes
Hardware	wavlink	wn535g3	-	No
Operating System	wavlink	wn531p3_firmware	-	Yes
Hardware	wavlink	wn531p3	-	No

References

https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-qosshtml-command-injection-in-qoscgi Exploit, Third Party Advisory ([email protected])
https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-qosshtml-command-injection-in-qoscgi Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)