Command Injection Vulnerability in WAVLINK Wireless Routers
CVE-2022-35535
9.8CRITICAL
What is CVE-2022-35535?
A command injection vulnerability exists in the WAVLINK wireless routers WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3. The issue arises from the absence of proper filtering on the 'macAddr' parameter within the wireless.cgi file. This flaw can potentially allow an attacker to execute arbitrary commands through the web interface, specifically within the /wifi_mesh.shtml page, posing a risk to device integrity and security. Users of the affected models should take immediate steps to secure their devices and monitor for any unusual activity.