Command Injection Vulnerability in WAVLINK Routers
CVE-2022-35525
9.8CRITICAL
What is CVE-2022-35525?
A command injection vulnerability exists in the adm.cgi component of WAVLINK routers, specifically the WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3 models. This flaw arises from the lack of input filtering on the led_switch parameter when accessed through the ledonoff.shtml page. An attacker can exploit this vulnerability to execute arbitrary commands on the device, potentially compromising its integrity and security.