CVE-2022-35525

Опубликовано: 10 авг. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml.

Ссылки

https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-ledonoffshtml-command-injection-in-admcgi
Exploit
Third Party Advisory
https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-ledonoffshtml-command-injection-in-admcgi
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.05029

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-v4jr-h68q-3mjh

CVSS3: 9.8

github

больше 3 лет назад

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml.

EPSS

Процентиль: 89%

0.05029

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-Other