cbcvebase.
CVE-2022-35518
published 2022-08-10

CVE-2022-35518: WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page…

PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.51%
71.2th percentile
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.

Affected

2 ranges
VendorProductVersion rangeFixed in
wavlinkwn531g3M31G3.V5030.200325 – M31G3.V5030.200325
wavlinkwn531g3_firmware<= m31g3.v5030.200325
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.