CVE-2022-35518

Опубликовано: 10 авг. 2022

Источник: nvd

CVSS3: 9.8

CVSS3: 4.6

EPSS Низкий

Описание

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.

Ссылки

https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-nas_diskshtml-command-injection-in-nascgi
Exploit
Third Party Advisory
https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-nas_diskshtml-command-injection-in-nascgi
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.03867

Низкий

9.8 Critical

CVSS3

4.6 Medium

CVSS3

Дефекты

NVD-CWE-Other

CWE-77

Связанные уязвимости

GHSA-5gm8-48xh-mxjm

CVSS3: 9.8

github

больше 3 лет назад

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.

EPSS

Процентиль: 88%

0.03867

Низкий

9.8 Critical

CVSS3

4.6 Medium

CVSS3

Дефекты

NVD-CWE-Other

CWE-77