First published: Wed Aug 10 2022(Updated: )
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Wavlink WN572HP3 Firmware | ||
Wavlink WN572HP3 Firmware | ||
Wavlink Wifi-repeater Firmware | ||
Wavlink WL-WN533A8 Firmware | ||
Wavlink WL-WN530H4 Firmware | ||
Wavlink Wl-wn530h4 Firmware | ||
Wavlink Wifi-repeater Firmware | ||
Wavlink WL-WN535K3 Firmware | ||
WAVLINK WN531P3 | ||
WAVLINK WN531P3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-35525 is a vulnerability in WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 routers that allows command injection in page /ledonoff.shtml.
CVE-2022-35525 has a severity rating of 9.8 (critical).
Wavlink Wn572hp3 Firmware, Wavlink Wn533a8 Firmware, Wavlink Wn530h4 Firmware, Wavlink Wn535g3 Firmware, and Wavlink Wn531p3 Firmware are affected by CVE-2022-35525.
The CWE ID for CVE-2022-35525 is 77.
There is currently no known fix for CVE-2022-35525. It is recommended to update the firmware of affected WAVLINK routers when a security patch becomes available.