First published: Wed Aug 10 2022(Updated: )
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Wavlink WN572HP3 Firmware | ||
Wavlink WN572HP3 Firmware | ||
Wavlink Wifi-repeater Firmware | ||
Wavlink WL-WN533A8 Firmware | ||
Wavlink WL-WN530H4 Firmware | ||
Wavlink Wl-wn530h4 Firmware | ||
Wavlink Wifi-repeater Firmware | ||
Wavlink WL-WN535K3 Firmware | ||
WAVLINK WN531P3 | ||
WAVLINK WN531P3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-35535 is a vulnerability in the WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3 routers' wireless.cgi file, where the 'macAddr' parameter is not filtered, allowing for command injection in the /wifi_mesh.shtml page.
CVE-2022-35535 has a severity rating of 9.8 (Critical).
The WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3 routers are affected by CVE-2022-35535.
The CVE-2022-35535 vulnerability can be exploited by injecting commands through the 'macAddr' parameter in the wireless.cgi file, specifically on the /wifi_mesh.shtml page.
At the moment, there is no official fix available for CVE-2022-35535. It is recommended to follow any security advisories from the vendor and apply updates or patches when they become available.