Command Injection Vulnerability in WAVLINK Network Devices
CVE-2022-35518
9.8CRITICAL
What is CVE-2022-35518?
The WAVLINK network devices, including models like WN572HP3 and WN535G3, are susceptible to a command injection vulnerability found in the nas.cgi script. This issue arises from inadequate filtering of the parameters User1Passwd and User1, allowing attackers to inject arbitrary commands when accessing the /nas_disk.shtml page. Exploitation of this vulnerability can lead to unauthorized execution of harmful commands on the affected devices, posing significant risks to the integrity and security of the network.