Command Injection Vulnerability in WAVLINK Routers
CVE-2022-35519
9.8CRITICAL
What is CVE-2022-35519?
The WAVLINK routers, specifically models WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3, contain a command injection vulnerability in the firewall.cgi script. This occurs due to inadequate filtering of the 'add_mac' parameter, allowing malicious users to execute arbitrary commands when interacting with the '/cli_black_list.shtml' page. This exposure could lead to unauthorized access and potential manipulation of the network router’s functionalities.