CVE-2022-35517

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*

Information

Published : 2022-08-10 13:15

Updated : 2022-08-12 14:20


NVD link : CVE-2022-35517

Mitre link : CVE-2022-35517


JSON object : View

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Advertisement

dedicated server usa

Products Affected

wavlink

  • wn535g3_firmware
  • wn533a8
  • wn572hp3_firmware
  • wn535g3
  • wn530h4_firmware
  • wn533a8_firmware
  • wn530h4
  • wn531p3_firmware
  • wn572hp3
  • wn531p3