CVE-2022-35520: Command Injection
First published: Wed Aug 10 2022(Updated: )
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wavlink Wn572hp3 Firmware | ||
| WAVLINK WN572HP3 | ||
| Wavlink Wn533a8 Firmware | ||
| Wavlink WN533A8 | ||
| Wavlink Wn530h4 Firmware | ||
| Wavlink WN530H4 | ||
| Wavlink Wn535g3 Firmware | ||
| Wavlink WN535G3 | ||
| Wavlink Wn531p3 Firmware | ||
| Wavlink Wn531p3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-35520?
CVE-2022-35520 is a vulnerability found in WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3 routers, where the api.cgi script does not filter the ufconf parameter, allowing for command injection in the /ledonoff.shtml page.
How severe is CVE-2022-35520?
CVE-2022-35520 has a severity value of 9.8, which is considered critical.
What software is affected by CVE-2022-35520?
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3 routers are affected by CVE-2022-35520.
How can I fix CVE-2022-35520?
There is currently no official fix or patch available for CVE-2022-35520. It is recommended to update to the latest firmware version provided by the vendor if one becomes available in the future.
Where can I find more information about CVE-2022-35520?
You can find more information about CVE-2022-35520 at the following link: [GitHub - Wavlink Router AC1200 - Page /ledonoff.shtml Hidden Parameter 'ufconf' Command Injection in api.cgi](https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-ledonoffshtml-hidden-parameter-ufconf-command-injection-in-apicgi)
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/references
- agent/tags
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- vendor/wavlink
- canonical/wavlink wn572hp3 firmware
- canonical/wavlink wn572hp3
- canonical/wavlink wn533a8 firmware
- canonical/wavlink wn533a8
- canonical/wavlink wn530h4 firmware
- canonical/wavlink wn530h4
- canonical/wavlink wn535g3 firmware
- canonical/wavlink wn535g3
- canonical/wavlink wn531p3 firmware
- canonical/wavlink wn531p3