CVE-2022-35518

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*

Information

Published : 2022-08-10 13:15

Updated : 2022-08-15 06:29


NVD link : CVE-2022-35518

Mitre link : CVE-2022-35518


JSON object : View

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Advertisement

dedicated server usa

Products Affected

wavlink

  • wn535g3_firmware
  • wn533a8
  • wn572hp3_firmware
  • wn535g3
  • wn530h4_firmware
  • wn533a8_firmware
  • wn530h4
  • wn531p3_firmware
  • wn572hp3
  • wn531p3