Описание
A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument start_hour leads to os command injection. The exploit has been disclosed to the public and may be used.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:wavlink:wl-wn535k2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wl-wn535k2:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:wavlink:wl-wn535k3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wl-wn535k3:-:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.93118
Критический
8 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-78
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument start_hour leads to os command injection. The exploit has been disclosed to the public and may be used.
EPSS
Процентиль: 100%
0.93118
Критический
8 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-78
CWE-78