Reflected Cross-Site Scripting Vulnerability in Wavlink Devices
CVE-2022-34048

6.1MEDIUM

Key Information:

Vendor

Wavlink

Status
Wn533a8 Firmware
Vendor
CVE Published:
20 July 2022

What is CVE-2022-34048?

The Wavlink WN533A8 device has been found to contain a reflected cross-site scripting (XSS) vulnerability in the login_page parameter. This flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially compromising user session data and leading to unauthorized actions. It is crucial for users and administrators of the affected device to apply available patches and implement appropriate security measures to mitigate the risk of exploitation.

References

https://drive.google.com/file/d/1xznFhH3w3TDN2RCdX62_ebyl...
x_refsource_MISC
https://drive.google.com/file/d/1NI3-k3AGIsSe2zjeigl1GVyU...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.