Vulnerabilities > CVE-2022-35519 - Unspecified vulnerability in Wavlink products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wavlink

critical

NVD

Published: 2022-08-10

Updated: 2023-08-08

Summary

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml.

Vulnerable Configurations

Part	Description	Count
OS	Wavlink Wavlink Wn572Hp3 Firmware - Wavlink Wn533A8 Firmware - Wavlink Wn530H4 Firmware - Wavlink Wn535G3 Firmware - Wavlink Wn531P3 Firmware -	5
Hardware	Wavlink Wavlink Wn572Hp3 - Wavlink Wn533A8 - Wavlink Wn530H4 - Wavlink Wn535G3 - Wavlink Wn531P3 -	5

References

https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#command-injection-occurs-when-deleting-blacklist-in-wavlink-router-ac1200-page-cli_black_listshtml-in-firewallcgi