CVE-2022-34048
Published 2022-07-20
CVE-2022-34048: Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter.
Priority P3 39 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 5.09% (91.3th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wavlink | wn533a8_firmware | — | — |
No detection rules found.
Exploit-DB
Wavlink WN533A8 - Cross-Site Scripting (XSS)
exploitdb·2022-08-01·CVSS 6.1
---
# Exploit Title: Wavlink WN533A8 - Cross-Site Scripting (XSS)
# Exploit Author: Ahmed Alroky
# Author Company : AIactive
# Version: M33A8.V5030.190716
# Vendor home page : wavlink.com
# Authentication Required: No
# CVE : CVE-2022-34048
# Tested on: Windows
# Poc code
history.pushState('', '', '/')
Nuclei
Wavlink WN-533A8 - Cross-Site Scripting
nuclei·CVSS 6.1
Wavlink WN-533A8 M33A8.V5030.190716 contains a reflected cross-site scripting vulnerability via the login_page parameter.
Template:
id: CVE-2022-34048

info:
  name: Wavlink WN-533A8 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    Wavlink WN-533A8 M33A8.V5030.190716 contains a reflected cross-site scripting vulnerability via the login_page parameter.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
  reference:
    - https://www.exploit-db
https://drive.google.com/file/d/1NI3-k3AGIsSe2zjeigl1GVyU1VpG1SV3/view?usp=sharing
https://drive.google.com/file/d/1xznFhH3w3TDN2RCdX62_ebylR4yaKmzf/view?usp=sharing