CVE-2022-35535

Published: Aug 10, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml.

Affected (5)

Products: Wavlink: Wn572hp3 Firmware, Wn533a8 Firmware, Wn530h4 Firmware, Wn535g3 Firmware, Wn531p3 Firmware

5 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wavlink Wn572hp3 Firmware	All versions

Running on/with	Platform Versions
Wavlink Wn572hp3	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wavlink Wn533a8 Firmware	All versions

Running on/with	Platform Versions
Wavlink Wn533a8	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wavlink Wn530h4 Firmware	All versions

Running on/with	Platform Versions
Wavlink Wn530h4	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wavlink Wn535g3 Firmware	All versions

Running on/with	Platform Versions
Wavlink Wn535g3	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wavlink Wn531p3 Firmware	All versions

Running on/with	Platform Versions
Wavlink Wn531p3	All versions

References (2)

https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#command-injection-occurs-when-adding-extender-in-wavlink-router-ac1200-page-wifi_meshshtml-in-wirelesscgi

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#command-injection-occurs-when-adding-extender-in-wavlink-router-ac1200-page-wifi_meshshtml-in-wirelesscgi

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.