CVE-2022-35518
Published 2022-08-10
Priority: P263 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.51% (71.2th percentile)
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wavlink | wn531g3 | M31G3.V5030.200325 – M31G3.V5030.200325 | — |
| wavlink | wn531g3_firmware | <= m31g3.v5030.200325 | — |
GHSA
GHSA-8qfm-5jpx-jp3v: The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3
ghsa_unreviewed·2022-09-14·CVSS 9.8
CVE-2022-40623 [CRITICAL] CWE-352 GHSA-8qfm-5jpx-jp3v: The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution.
GHSA
GHSA-5gm8-48xh-mxjm: WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas
ghsa_unreviewed·2022-08-11
CVE-2022-35518 [CRITICAL] CWE-77 GHSA-5gm8-48xh-mxjm: WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-08-10