4 matches found
CVE-2022-35520
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml...
CVE-2022-35520
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml...
CVE-2022-35520
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml...
CVE-2022-35520
CVE-2022-35520 affects WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3 where the api.cgi component does not filter the hidden ufconf parameter, which exists in the CGI binary but not in POST data, enabling command injection on the /ledonoff.shtml page. Public references in the connected ...