Command Injection Vulnerability in WAVLINK Wireless Routers
CVE-2022-35535

9.8CRITICAL

Key Information:

Vendor

Wavlink

Vendor
CVE Published:
10 August 2022

What is CVE-2022-35535?

A command injection vulnerability exists in the WAVLINK wireless routers WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3. The issue arises from the absence of proper filtering on the 'macAddr' parameter within the wireless.cgi file. This flaw can potentially allow an attacker to execute arbitrary commands through the web interface, specifically within the /wifi_mesh.shtml page, posing a risk to device integrity and security. Users of the affected models should take immediate steps to secure their devices and monitor for any unusual activity.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.