Command Injection Vulnerability in WAVLINK Routers
CVE-2022-35517
8.8HIGH
What is CVE-2022-35517?
A command injection vulnerability exists in various WAVLINK router models due to insufficient filtering of parameters in the admin interface. Specifically, the parameters such as web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd, and ppp_setver can be exploited through the /wizard_router_mesh.shtml page. This flaw poses a risk of unauthorized command execution, potentially allowing attackers to gain control over the affected devices.