Описание
A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used.
Ссылки
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:wavlink:wl-wn535k2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wl-wn535k2:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:wavlink:wl-wn535k3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wl-wn535k3:-:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.93197
Критический
8 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-78
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used.
EPSS
Процентиль: 100%
0.93197
Критический
8 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-78
CWE-78