CVE-2022-35523

2022-08-0919:50:17

mitre

www.cve.org

wavlink wn572hp3

wn533a8

wn530h4

wn535g3

wn531p3

firewall.cgi

command injection

parameter del_mac

parameter flag

page /cli_black_list.shtml

cve-2022-35523

AI Score

Confidence

High

EPSS

0.021

Percentile

89.3%

JSON

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml.

References

github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#command-injection-occurs-when-adding-blacklist-in-wavlink-router-ac1200-page-cli_black_listshtml-in-firewallcgi