CVE-2022-35522

CVSS 9.8 - CRITICAL
Description

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wan.shtml.

Affected Products
10
Vendor Product Version
wavlink wn572hp3_firmware -
wavlink wn572hp3 -
wavlink wn533a8_firmware -
wavlink wn533a8 -
wavlink wn530h4_firmware -
wavlink wn530h4 -
wavlink wn535g3_firmware -
wavlink wn535g3 -
wavlink wn531p3_firmware -
wavlink wn531p3 -
References
https://github.com/TyeYeah/othercveinfo/blob/main/...
https://github.com/TyeYeah/othercveinfo/blob/main/...
Weakness Types
NVD-CWE-Other
CVE Information
CVE ID:
CVE-2022-35522
Published:
2022-08-10
Modified:
2024-11-21
CVSS Score:
9.8
Severity:
CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Vendors
wavlink
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL