Command Injection Vulnerability in WAVLINK Routers
CVE-2022-35533
9.8CRITICAL
What is CVE-2022-35533?
The WAVLINK routers including models WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3 are impacted by a command injection vulnerability in the qos.cgi script. The lack of parameter filtering on cli_list
and cli_num
allows attackers to inject arbitrary commands via the /qos.shtml
page, potentially leading to unauthorized access and control over the devices. Users are advised to take precautionary measures to secure their devices against exploitation.