Reflected Cross-Site Scripting Vulnerability in Wavlink Devices
CVE-2022-34048

6.1MEDIUM

Key Information:

Vendor: Wavlink
Status: Wn533a8 Firmware
Vendor: CVE Published:; 20 July 2022

What is CVE-2022-34048?

The Wavlink WN533A8 device has been found to contain a reflected cross-site scripting (XSS) vulnerability in the login_page parameter. This flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially compromising user session data and leading to unauthorized actions. It is crucial for users and administrators of the affected device to apply available patches and implement appropriate security measures to mitigate the risk of exploitation.

References

https://drive.google.com/file/d/1xznFhH3w3TDN2RCdX62_ebyl...

x_refsource_MISC

https://drive.google.com/file/d/1NI3-k3AGIsSe2zjeigl1GVyU...

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 20, 2022
Vulnerability Reserved
Jun 20, 2022