Command Injection Vulnerability in WAVLINK Wireless Products
CVE-2022-35538
9.8 CRITICAL
What is CVE-2022-35538?
WAVLINK wireless routers, including models WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3, contain a command injection vulnerability in their wireless.cgi script. The vulnerability arises from a lack of input validation on specific parameters (delete_list, delete_al_mac, b_delete_list, and b_delete_al_mac) within the /wifi_mesh.shtml page. Attackers can exploit this vulnerability to execute arbitrary commands on the affected devices, potentially leading to serious security breaches. Users are advised to implement mitigation measures promptly.
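A defender-side check for the four parameters named above, as an added example that is not WAVLINK's code or part of the original advisory: it flags requests to wireless.cgi whose delete_list, delete_al_mac, b_delete_list, or b_delete_al_mac values contain anything outside a MAC-list allowlist. The /cgi-bin/ path, the form-encoded request shape, and the assumption that legitimate values are MAC address lists are not from the page; the sample requests are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameter names and script name taken from the advisory text.
WATCHED_PARAMS = {"delete_list", "delete_al_mac", "b_delete_list", "b_delete_al_mac"}
TARGET_SCRIPT = "wireless.cgi"

# Assumption: legitimate values are MAC address lists, so only hex digits,
# ':' or '-' inside an address, and ',' or ' ' between addresses are allowed.
ALLOWED_VALUE = re.compile(r"[0-9A-Fa-f:,\- ]*")


def suspicious_params(path, body):
    """Return (param, decoded_value) pairs that fail the allowlist.

    Only requests whose path ends in /wireless.cgi are inspected. Both the
    query string and a form-encoded body are parsed, and values are
    percent-decoded before matching so encoded metacharacters are seen.
    """
    parts = urlsplit(path)
    if not parts.path.endswith("/" + TARGET_SCRIPT):
        return []
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    return [(k, v) for k, v in pairs
            if k in WATCHED_PARAMS and not ALLOWED_VALUE.fullmatch(v)]


# Constructed sample requests (path, body); not captured traffic.
SAMPLE_REQUESTS = [
    ("/cgi-bin/wireless.cgi", "delete_list=00:11:22:33:44:55,66:77:88:99:AA:BB"),
    ("/cgi-bin/wireless.cgi", "b_delete_al_mac=00:11:22:33:44:55%24%28x%29"),
    ("/cgi-bin/wireless.cgi?delete_al_mac=%60x%60", ""),
    ("/cgi-bin/login.cgi", "delete_list=%60x%60"),
]

if __name__ == "__main__":
    for path, body in SAMPLE_REQUESTS:
        for name, value in suspicious_params(path, body):
            print(f"ALERT {path.split('?')[0]} {name}={value!r}")
```

The same allowlist can be enforced in a reverse proxy or WAF rule in front of the device's management interface when the firmware itself cannot be changed.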