Command Injection Vulnerability in WAVLINK Routers
CVE-2022-35519

9.8CRITICAL

Key Information:

Vendor

Wavlink

Vendor
CVE Published:
10 August 2022

What is CVE-2022-35519?

The WAVLINK routers, specifically models WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3, contain a command injection vulnerability in the firewall.cgi script. This occurs due to inadequate filtering of the 'add_mac' parameter, allowing malicious users to execute arbitrary commands when interacting with the '/cli_black_list.shtml' page. This exposure could lead to unauthorized access and potential manipulation of the network router’s functionalities.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.