CVE-2022-30489
Published 2022-05-13
CVE-2022-30489: WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
Priority P3 · 40 · medium · 6.1 · CVSS 3.1
AV:N · AC:L · PR:N · UI:R · S:C · C:L · I:L · A:N
EXPLOIT
EPSS: 3.83% (88.8th percentile)
CVSS provenance
nvd · v3.1 · 6.1 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
No detection rules found.
Nuclei
Wavlink WN-535G3 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2022-30489 [MEDIUM] Wavlink WN-535G3 - Cross-Site Scripting
Wavlink WN-535G3 contains a POST cross-site scripting vulnerability via the hostname parameter at /cgi-bin/login.cgi.
Template:
id: CVE-2022-30489
info:
  name: Wavlink WN-535G3 - Cross-Site Scripting
  author: For3stCo1d
  severity: medium
  description: |
    Wavlink WN-535G3 contains a POST cross-site scripting vulnerability via the hostname parameter at /cgi-bin/login.cgi.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
  reference:
    - https://github.com/badboycxcc/XS
Nuclei
WAVLINK WN535 G3 - Information Disclosure
nuclei·CVSS 6.1
CVE-2022-31845 [MEDIUM] WAVLINK WN535 G3 - Information Disclosure
WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in live_check.shtml. An attacker can obtain sensitive router information via execution of the exec cmd function and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.
Template:
id: CVE-2022-31845
info:
  name: WAVLINK WN535 G3 - Information Disclosure
  author: arafatansari
  severity: high
  description: |
    WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in live_check.shtml. An attacker can obtain sensitive router information via execution of the exec cmd function and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
Nuclei
WAVLINK WN535 G3 - Information Disclosure
nuclei·CVSS 6.1
CVE-2022-31846 [MEDIUM] WAVLINK WN535 G3 - Information Disclosure
WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in the live_mfg.shtml page. An attacker can obtain sensitive router information via the exec cmd function and possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.
Template:
id: CVE-2022-31846
info:
  name: WAVLINK WN535 G3 - Information Disclosure
  author: arafatansari
  severity: high
  description: |
    WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in the live_mfg.shtml page. An attacker can obtain sensitive router information via the exec cmd function and possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can exploit this
Published: 2022-05-13