CVE-2022-2488

🗓️ 20 Jul 2022 11:35:34Reported by VulDBType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 159 Views🌐 WEB

Vulnerability in WAVLINK WN535K2 and WN535K3 allows OS command injection via /cgi-bin/touchlist_sync.cg

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2022-2488	20 Jul 202200:00	–	attackerkb
Circl	CVE-2022-2488	20 Jul 202216:20	–	circl
CNNVD	WAVLINK WN535K2 和 WN535K3 操作系统命令注入漏洞	20 Jul 202200:00	–	cnnvd
Check Point Advisories	Wavlink Routers Command Injection (CVE-2022-2486; CVE-2022-2488)	6 Nov 202200:00	–	checkpoint_advisories
Cvelist	CVE-2022-2488 WAVLINK WN535K2/WN535K3 touchlist_sync.cgi os command injection	20 Jul 202211:35	–	cvelist
Nuclei	Wavlink WN535K2/WN535K3 - OS Command Injection	1 Jun 202605:38	–	nuclei
NVD	CVE-2022-2488	20 Jul 202212:15	–	nvd
Prion	Command injection	20 Jul 202212:15	–	prion
Positive Technologies	PT-2022-16952 · Wavlink · Wavlink Wn535G3 +1	20 Jul 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-2488	5 Feb 202521:18	–	redhatcve

NVD

Node

wavlink wl-wn535k2_firmwareMatch-

AND

wavlink wl-wn535k2Match-

Node

wavlink wl-wn535k3_firmwareMatch-

AND

wavlink wl-wn535k3Match-

[
  {
    "product": "WN535K2",
    "vendor": "WAVLINK",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  },
  {
    "product": "WN535K3",
    "vendor": "WAVLINK",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Source	Link
github	www.github.com/1angx/webray.com.cn/blob/main/Wavlink/Wavlink%20touchlist_sync.cgi.md
vuldb	www.vuldb.com/
talosintelligence	www.talosintelligence.com/vulnerability_reports/TALOS-2024-1999

Parameter	Position	Path	Description	CWE
IP	query param	/cgi-bin/touchlist_sync.cgi	OS command injection via manipulation of IP parameter in touchlist_sync.cgi	CWE-78

14 Jan 2025 16:15Current

9.2High risk

Vulners AI Score9.2

CVSS 3.18 - 9.8

EPSS0.9332

SSVC