CVE-2023-32622: OS Command Injection
First published: Fri Jun 30 2023(Updated: )
Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege.
Credit: vultures@jpcert.or.jp vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wavlink Wl-wn531ax2 Firmware | <2023526 | |
| Wavlink Wl-wn531ax2 | ||
| All of | ||
| Wavlink Wl-wn531ax2 Firmware | <2023526 | |
| Wavlink Wl-wn531ax2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-32622.
What is the severity level of CVE-2023-32622?
The severity level of CVE-2023-32622 is high (7.2).
What is the affected software for CVE-2023-32622?
The affected software for CVE-2023-32622 is Wavlink Wl-wn531ax2 firmware versions prior to 2023526.
How can an attacker exploit CVE-2023-32622?
An attacker with administrative privilege can exploit CVE-2023-32622 by executing OS commands with root privilege.
Are there any references for CVE-2023-32622?
Yes, you can find references for CVE-2023-32622 at the following links: [JVN](https://jvn.jp/en/jp/JVN78634340/) and [Wavlink](https://www.wavlink.com/en_us/firmware/details/932108ffc5.html).
- collector/nvd-index
- agent/references
- agent/type
- agent/remedy
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/tags
- vendor/wavlink
- canonical/wavlink wl-wn531ax2 firmware
- canonical/wavlink wl-wn531ax2