Command Injection Vulnerability in WAVLINK Routers
CVE-2022-35521
9.8CRITICAL
What is CVE-2022-35521?
WAVLINK routers, including models WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3, contain a security vulnerability within the 'firewall.cgi' file. It lacks proper input filtering on several parameters such as 'remoteManagementEnabled', 'blockPortScanEnabled', 'pingFrmWANFilterEnabled', and 'blockSynFloodEnabled'. This oversight allows attackers to execute arbitrary commands through the vulnerable endpoint, particularly at '/man_security.shtml', which can lead to unauthorized access and manipulation of device settings.