Описание
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi.
Ссылки
- ExploitThird Party Advisory
- ProductVendor Advisory
- ExploitThird Party Advisory
- ProductVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:wavlink:wl-wn531p3_firmware:m31g3.v5030.201204:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wl-wn531p3:-:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.05849
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi.
EPSS
Процентиль: 90%
0.05849
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78