Command Injection Vulnerability in Wavlink WN535K3 Router
CVE-2025-50756

9.8CRITICAL

Key Information:

Vendor: Wavlink
Status: WN535K3 Router
Vendor: CVE Published:; 14 July 2025

What is CVE-2025-50756?

A command injection vulnerability exists in the Wavlink WN535K3 Router, specifically in the set_sys_adm function. This issue arises from improper input validation of the newpass parameter, allowing attackers to send crafted requests that trigger the execution of arbitrary commands on the affected device. This exposes the device to potential unauthorized access and exploitation. Ensuring robust security measures and implementing necessary patches is crucial for safeguarding against this vulnerability.

References

https://github.com/Summermu/VulnForIoT/tree/main/Wavlink_...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 14, 2025
Vulnerability Reserved
Jun 16, 2025