TROYANOSYVIRUS
Voltar para CVEs

CVE-2022-35538

CRITICAL
9.8

Descricao

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml.

Detalhes CVE

Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado8/10/2022
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0

Produtos afetados

wavlink:wn530h4wavlink:wn530h4_firmwarewavlink:wn531p3wavlink:wn531p3_firmwarewavlink:wn533a8wavlink:wn533a8_firmwarewavlink:wn535g3wavlink:wn535g3_firmwarewavlink:wn572hp3wavlink:wn572hp3_firmware

Referencias

https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#command-injection-occurs-when-clicking-the-button-in-wavlink-router-ac1200-page-wifi_meshshtml-in-wirelesscgi(cve@mitre.org)
https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#command-injection-occurs-when-clicking-the-button-in-wavlink-router-ac1200-page-wifi_meshshtml-in-wirelesscgi(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.