Vulnerabilities > CVE-2022-35533 - Unspecified vulnerability in Wavlink products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wavlink

critical

NVD

Published: 2022-08-10

Updated: 2023-08-08

Summary

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml.

Vulnerable Configurations

Part	Description	Count
OS	Wavlink Wavlink Wn572Hp3 Firmware - Wavlink Wn533A8 Firmware - Wavlink Wn530H4 Firmware - Wavlink Wn535G3 Firmware - Wavlink Wn531P3 Firmware -	5
Hardware	Wavlink Wavlink Wn572Hp3 - Wavlink Wn533A8 - Wavlink Wn530H4 - Wavlink Wn535G3 - Wavlink Wn531P3 -	5

References

https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-qosshtml-hidden-parameters-command-injection-in-qoscgi