Lucene search

MitreCVE-2022-34576

HistoryJul 25, 2022 - 10:15 p.m.

CVE-2022-34576

2022-07-2522:15:08

mitre

web.nvd.nist.gov

cve-2022-34576

wavlink

wn535

m35g3r

vulnerability

arbitrary code execution

post request

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.024

Percentile

90.2%

JSON

A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request.

Affected configurations

Nvd

Node

wavlinkwn535g3_firmwareMatchm35g3r.v5030.180927

AND

wavlinkwn535g3Match-

VendorProductVersionCPE
wavlinkwn535g3_firmwarem35g3r.v5030.180927cpe:2.3:o:wavlink:wn535g3_firmware:m35g3r.v5030.180927:*:*:*:*:*:*:*
wavlinkwn535g3-cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wavlink	wn535g3_firmware	m35g3r.v5030.180927	cpe:2.3:o:wavlink:wn535g3_firmware:m35g3r.v5030.180927:::::::*
wavlink	wn535g3	-	cpe:2.3:h:wavlink:wn535g3:-:::::::*

References

github.com/pghuanghui/CVE_Request/blob/main/WAVLINK%20WN535%20G3_Sensitive%20information%20leakage.md

Social References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.024

Percentile

90.2%

JSON

Related for CVE-2022-34576