CVE-2022-23900: OS Command Injection
First published: Thu Apr 07 2022(Updated: )
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wavlink Wl-wn531p3 Firmware | =m31g3.v5030.201204 | |
| Wavlink WL-WN531P3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-23900?
CVE-2022-23900 is a command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204.
How does CVE-2022-23900 occur?
CVE-2022-23900 occurs when an attacker sends a malicious POST request through /cgi-bin/adm.cgi, allowing unauthorized remote code execution.
What is the severity of CVE-2022-23900?
CVE-2022-23900 has a severity rating of 9.8 (critical).
Which software version is affected by CVE-2022-23900?
The Wavlink WL-WN531P3 router, version M31G3.V5030.201204, is affected by CVE-2022-23900.
How can I fix CVE-2022-23900?
To fix CVE-2022-23900, users should update their Wavlink WL-WN531P3 router firmware to a version that addresses the vulnerability.
- collector/nvd-api
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/wavlink
- canonical/wavlink wl-wn531p3 firmware
- version/wavlink wl-wn531p3 firmware/m31g3.v5030.201204
- canonical/wavlink wl-wn531p3