Vulnerabilites related to wavlink - wn530h4_firmware
cve-2024-10194
Vulnerability from cvelistv5
Published
2024-10-20 08:00
Modified
2024-10-21 19:54
Severity ?
8.7 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.280968 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.280968 | signature, permissions-required | |
| https://vuldb.com/?submit.422834 | third-party-advisory | |
| https://docs.google.com/document/d/1PodIMRe1f0Ql83jUXV5VIoc-Xsf9VC1K | exploit |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "wn530h4",
"vendor": "wavlink",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
},
{
"cpes": [
"cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "wn530hg4",
"vendor": "wavlink",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
},
{
"cpes": [
"cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "wn572hg3",
"vendor": "wavlink",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10194",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T19:52:45.602669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T19:54:26.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Front-End Authentication Page"
],
"product": "WN530H4",
"vendor": "WAVLINK",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
},
{
"modules": [
"Front-End Authentication Page"
],
"product": "WN530HG4",
"vendor": "WAVLINK",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
},
{
"modules": [
"Front-End Authentication Page"
],
"product": "WN572HG3",
"vendor": "WAVLINK",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stellar Lab (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in WAVLINK WN530H4, WN530HG4 and WN572HG3 bis 20221028 ausgemacht. Dabei betrifft es die Funktion Goto_chidx der Datei login.cgi der Komponente Front-End Authentication Page. Mittels Manipulieren des Arguments wlanUrl mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-20T08:00:06.181Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-280968 | WAVLINK WN530H4/WN530HG4/WN572HG3 Front-End Authentication Page login.cgi Goto_chidx stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.280968"
},
{
"name": "VDB-280968 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.280968"
},
{
"name": "Submit #422834 | wavlink WN530H4,WN530HG4,WN572HG3 WN530H4-WAVLINK_20220721,WN530HG4-WAVLINK_20220809,WN572HG3-WAVLINK_WO_20221028 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.422834"
},
{
"tags": [
"exploit"
],
"url": "https://docs.google.com/document/d/1PodIMRe1f0Ql83jUXV5VIoc-Xsf9VC1K"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-19T09:41:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "WAVLINK WN530H4/WN530HG4/WN572HG3 Front-End Authentication Page login.cgi Goto_chidx stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-10194",
"datePublished": "2024-10-20T08:00:06.181Z",
"dateReserved": "2024-10-19T07:36:09.437Z",
"dateUpdated": "2024-10-21T19:54:26.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35519
Vulnerability from cvelistv5
Published
2022-08-09 19:55
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#command-injection-occurs-when-deleting-blacklist-in-wavlink-router-ac1200-page-cli_black_listshtml-in-firewallcgi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:55:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#command-injection-occurs-when-deleting-blacklist-in-wavlink-router-ac1200-page-cli_black_listshtml-in-firewallcgi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#command-injection-occurs-when-deleting-blacklist-in-wavlink-router-ac1200-page-cli_black_listshtml-in-firewallcgi",
"refsource": "MISC",
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#command-injection-occurs-when-deleting-blacklist-in-wavlink-router-ac1200-page-cli_black_listshtml-in-firewallcgi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35519",
"datePublished": "2022-08-09T19:55:21",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T09:36:44.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35533
Vulnerability from cvelistv5
Published
2022-08-09 19:37
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-qosshtml-hidden-parameters-command-injection-in-qoscgi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:37:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-qosshtml-hidden-parameters-command-injection-in-qoscgi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-qosshtml-hidden-parameters-command-injection-in-qoscgi",
"refsource": "MISC",
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-qosshtml-hidden-parameters-command-injection-in-qoscgi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35533",
"datePublished": "2022-08-09T19:37:25",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T09:36:44.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35537
Vulnerability from cvelistv5
Published
2022-08-09 19:07
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-wifi_meshshtml-hidden-parameter-command-injection-in-wirelesscgi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:07:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-wifi_meshshtml-hidden-parameter-command-injection-in-wirelesscgi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-wifi_meshshtml-hidden-parameter-command-injection-in-wirelesscgi",
"refsource": "MISC",
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-wifi_meshshtml-hidden-parameter-command-injection-in-wirelesscgi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35537",
"datePublished": "2022-08-09T19:07:33",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T09:36:44.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-10429
Vulnerability from cvelistv5
Published
2024-10-27 21:00
Modified
2024-10-28 14:31
Severity ?
8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.281970 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.281970 | signature, permissions-required | |
| https://vuldb.com/?submit.427274 | third-party-advisory | |
| https://docs.google.com/document/d/1ktuys5jr7MKwz503QBbEfxZ5mZbXlbvl/ | exploit |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:wavlink:wn530h4_firmware:20221028:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wn530h4_firmware",
"vendor": "wavlink",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
},
{
"cpes": [
"cpe:2.3:o:wavlink:wn530hg4_firmware:20221028:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wn530hg4_firmware",
"vendor": "wavlink",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
},
{
"cpes": [
"cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wn572hg3_firmware",
"vendor": "wavlink",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10429",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T14:27:51.907664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T14:31:32.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WN530H4",
"vendor": "WAVLINK",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
},
{
"product": "WN530HG4",
"vendor": "WAVLINK",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
},
{
"product": "WN572HG3",
"vendor": "WAVLINK",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stellar Lab (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in WAVLINK WN530H4, WN530HG4 and WN572HG3 bis 20221028 entdeckt. Es betrifft die Funktion set_ipv6 der Datei internet.cgi. Durch das Manipulieren des Arguments IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T21:00:07.693Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-281970 | WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.281970"
},
{
"name": "VDB-281970 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.281970"
},
{
"name": "Submit #427274 | wavlink WN530H4,WN530HG4,WN572HG3 WN530H4-WAVLINK_20220721,WN530HG4-WAVLINK_20220809,WN572HG3-WAVLINK_WO_20221028 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.427274"
},
{
"tags": [
"exploit"
],
"url": "https://docs.google.com/document/d/1ktuys5jr7MKwz503QBbEfxZ5mZbXlbvl/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-26T16:28:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-10429",
"datePublished": "2024-10-27T21:00:07.693Z",
"dateReserved": "2024-10-26T14:23:38.137Z",
"dateUpdated": "2024-10-28T14:31:32.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10974
Vulnerability from cvelistv5
Published
2020-05-07 17:42
Modified
2024-08-04 11:21
Severity ?
EPSS score ?
Summary
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974 | x_refsource_MISC | |
| https://github.com/sudo-jtcsec/Nyra | x_refsource_MISC | |
| https://github.com/Roni-Carta/nyra | x_refsource_MISC | |
| https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sudo-jtcsec/Nyra"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Roni-Carta/nyra"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-04T20:12:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sudo-jtcsec/Nyra"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Roni-Carta/nyra"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974",
"refsource": "MISC",
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974"
},
{
"name": "https://github.com/sudo-jtcsec/Nyra",
"refsource": "MISC",
"url": "https://github.com/sudo-jtcsec/Nyra"
},
{
"name": "https://github.com/Roni-Carta/nyra",
"refsource": "MISC",
"url": "https://github.com/Roni-Carta/nyra"
},
{
"name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices",
"refsource": "MISC",
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10974",
"datePublished": "2020-05-07T17:42:57",
"dateReserved": "2020-03-26T00:00:00",
"dateUpdated": "2024-08-04T11:21:14.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35520
Vulnerability from cvelistv5
Published
2022-08-09 19:53
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-ledonoffshtml-hidden-parameter-ufconf-command-injection-in-apicgi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn\u0027t appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:53:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-ledonoffshtml-hidden-parameter-ufconf-command-injection-in-apicgi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn\u0027t appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-ledonoffshtml-hidden-parameter-ufconf-command-injection-in-apicgi",
"refsource": "MISC",
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-ledonoffshtml-hidden-parameter-ufconf-command-injection-in-apicgi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35520",
"datePublished": "2022-08-09T19:53:56",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T09:36:44.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35521
Vulnerability from cvelistv5
Published
2022-08-09 19:52
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security.shtml.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-man_securityshtml-command-injection-in-firewallcgi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security.shtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:52:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-man_securityshtml-command-injection-in-firewallcgi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-man_securityshtml-command-injection-in-firewallcgi",
"refsource": "MISC",
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-man_securityshtml-command-injection-in-firewallcgi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35521",
"datePublished": "2022-08-09T19:52:56",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T09:36:44.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35536
Vulnerability from cvelistv5
Published
2022-08-09 19:28
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-qosshtml-command-injection-in-qoscgi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:28:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-qosshtml-command-injection-in-qoscgi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-qosshtml-command-injection-in-qoscgi",
"refsource": "MISC",
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-qosshtml-command-injection-in-qoscgi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35536",
"datePublished": "2022-08-09T19:28:33",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T09:36:44.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-10428
Vulnerability from cvelistv5
Published
2024-10-27 20:31
Modified
2024-10-28 14:44
Severity ?
8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.281969 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.281969 | signature, permissions-required | |
| https://vuldb.com/?submit.427272 | third-party-advisory | |
| https://docs.google.com/document/d/11NGSJBOZzbgm_qanDno6SyucWyso7Em6/ | exploit |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:wavlink:wn530h4_firmware:20221028:*:*:*:*:*:*:*",
"cpe:2.3:o:wavlink:wn530hg4_firmware:20221028:*:*:*:*:*:*:*",
"cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wn572hg3_firmware",
"vendor": "wavlink",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T14:39:30.488779Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T14:44:44.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WN530H4",
"vendor": "WAVLINK",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
},
{
"product": "WN530HG4",
"vendor": "WAVLINK",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
},
{
"product": "WN572HG3",
"vendor": "WAVLINK",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stellar Lab (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in WAVLINK WN530H4, WN530HG4 and WN572HG3 bis 20221028 ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion set_ipv6 der Datei firewall.cgi. Mittels Manipulieren des Arguments dhcpGateway mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T20:31:05.064Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-281969 | WAVLINK WN530H4/WN530HG4/WN572HG3 firewall.cgi set_ipv6 command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.281969"
},
{
"name": "VDB-281969 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.281969"
},
{
"name": "Submit #427272 | wavlink WN530H4,WN530HG4,WN572HG3 WN530H4-WAVLINK_20220721,WN530HG4-WAVLINK_20220809,WN572HG3-WAVLINK_WO_20221028 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.427272"
},
{
"tags": [
"exploit"
],
"url": "https://docs.google.com/document/d/11NGSJBOZzbgm_qanDno6SyucWyso7Em6/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-26T16:28:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "WAVLINK WN530H4/WN530HG4/WN572HG3 firewall.cgi set_ipv6 command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-10428",
"datePublished": "2024-10-27T20:31:05.064Z",
"dateReserved": "2024-10-26T14:23:36.058Z",
"dateUpdated": "2024-10-28T14:44:44.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35517
Vulnerability from cvelistv5
Published
2022-08-09 19:59
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wizard_router_meshshtml-command-injection-in-admcgi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:59:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wizard_router_meshshtml-command-injection-in-admcgi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wizard_router_meshshtml-command-injection-in-admcgi",
"refsource": "MISC",
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wizard_router_meshshtml-command-injection-in-admcgi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35517",
"datePublished": "2022-08-09T19:59:29",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T09:36:44.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35524
Vulnerability from cvelistv5
Published
2022-08-09 19:49
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wizard_repshtml-command-injection-in-admcgi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:49:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wizard_repshtml-command-injection-in-admcgi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wizard_repshtml-command-injection-in-admcgi",
"refsource": "MISC",
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wizard_repshtml-command-injection-in-admcgi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35524",
"datePublished": "2022-08-09T19:49:18",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T09:36:44.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12124
Vulnerability from cvelistv5
Published
2020-10-02 08:11
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.wavlink.com/en_us/product/WL-WN530H4.html | x_refsource_MISC | |
| https://cerne.xyz/bugs/CVE-2020-12124 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12124"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T08:11:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12124"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wavlink.com/en_us/product/WL-WN530H4.html",
"refsource": "MISC",
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"name": "https://cerne.xyz/bugs/CVE-2020-12124",
"refsource": "MISC",
"url": "https://cerne.xyz/bugs/CVE-2020-12124"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12124",
"datePublished": "2020-10-02T08:11:57",
"dateReserved": "2020-04-23T00:00:00",
"dateUpdated": "2024-08-04T11:48:58.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12266
Vulnerability from cvelistv5
Published
2020-04-27 14:33
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed externally without any authentication. All the pages follow the naming convention live_(string).shtml. Among the information disclosed is: interface status logs, IP address of the device, MAC address of the device, model and current firmware version, location, all running processes, all interfaces and their statuses, all current DHCP leases and the associated hostnames, all other wireless networks in range of the router, memory statistics, and components of the configuration of the device such as enabled features. Affected devices: Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3,Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.wavlink.com | x_refsource_MISC | |
| https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266 | x_refsource_MISC | |
| https://github.com/sudo-jtcsec/Nyra | x_refsource_MISC | |
| https://github.com/Roni-Carta/nyra | x_refsource_MISC | |
| https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266-affected_devices | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wavlink.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sudo-jtcsec/Nyra"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Roni-Carta/nyra"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266-affected_devices"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed externally without any authentication. All the pages follow the naming convention live_(string).shtml. Among the information disclosed is: interface status logs, IP address of the device, MAC address of the device, model and current firmware version, location, all running processes, all interfaces and their statuses, all current DHCP leases and the associated hostnames, all other wireless networks in range of the router, memory statistics, and components of the configuration of the device such as enabled features. Affected devices: Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3,Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-08T19:20:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wavlink.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sudo-jtcsec/Nyra"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Roni-Carta/nyra"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266-affected_devices"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed externally without any authentication. All the pages follow the naming convention live_(string).shtml. Among the information disclosed is: interface status logs, IP address of the device, MAC address of the device, model and current firmware version, location, all running processes, all interfaces and their statuses, all current DHCP leases and the associated hostnames, all other wireless networks in range of the router, memory statistics, and components of the configuration of the device such as enabled features. Affected devices: Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3,Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wavlink.com",
"refsource": "MISC",
"url": "https://www.wavlink.com"
},
{
"name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266",
"refsource": "MISC",
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266"
},
{
"name": "https://github.com/sudo-jtcsec/Nyra",
"refsource": "MISC",
"url": "https://github.com/sudo-jtcsec/Nyra"
},
{
"name": "https://github.com/Roni-Carta/nyra",
"refsource": "MISC",
"url": "https://github.com/Roni-Carta/nyra"
},
{
"name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266-affected_devices",
"refsource": "MISC",
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266-affected_devices"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12266",
"datePublished": "2020-04-27T14:33:49",
"dateReserved": "2020-04-26T00:00:00",
"dateUpdated": "2024-08-04T11:48:58.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-10193
Vulnerability from cvelistv5
Published
2024-10-20 07:31
Modified
2024-10-21 16:16
Severity ?
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
4.7 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
4.7 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.280967 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.280967 | signature, permissions-required | |
| https://vuldb.com/?submit.422811 | third-party-advisory | |
| https://docs.google.com/document/d/13XWnFITW31u5J8HeQj8Zm-7oLt-M1DtQ/ | exploit |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:wavlink:wn530h4_firmware:20220721:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wn530h4_firmware",
"vendor": "wavlink",
"versions": [
{
"status": "affected",
"version": "20220721"
}
]
},
{
"cpes": [
"cpe:2.3:o:wavlink:wn530hg4_firmware:20220809:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wn530hg4_firmware",
"vendor": "wavlink",
"versions": [
{
"status": "affected",
"version": "20220809"
}
]
},
{
"cpes": [
"cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wn572hg3_firmware",
"vendor": "wavlink",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10193",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T16:12:54.832624Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T16:16:50.003Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WN530H4",
"vendor": "WAVLINK",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
},
{
"product": "WN530HG4",
"vendor": "WAVLINK",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
},
{
"product": "WN572HG3",
"vendor": "WAVLINK",
"versions": [
{
"status": "affected",
"version": "20221028"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stellar Lab (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in WAVLINK WN530H4, WN530HG4 and WN572HG3 bis 20221028 gefunden. Dies betrifft die Funktion ping_ddns der Datei internet.cgi. Mittels dem Manipulieren des Arguments DDNS mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-20T07:31:05.305Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-280967 | WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi ping_ddns command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.280967"
},
{
"name": "VDB-280967 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.280967"
},
{
"name": "Submit #422811 | wavlink WN530H4,WN530HG4,WN572HG3 WN530H4-WAVLINK_20220721,WN530HG4-WAVLINK_20220809,WN572HG3-WAVLINK_WO_20221028 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.422811"
},
{
"tags": [
"exploit"
],
"url": "https://docs.google.com/document/d/13XWnFITW31u5J8HeQj8Zm-7oLt-M1DtQ/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-19T09:41:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi ping_ddns command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-10193",
"datePublished": "2024-10-20T07:31:05.305Z",
"dateReserved": "2024-10-19T07:36:07.095Z",
"dateUpdated": "2024-10-21T16:16:50.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35522
Vulnerability from cvelistv5
Published
2022-08-09 19:51
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wan.shtml.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wanshtml-command-injection-in-admcgi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wan.shtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:51:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wanshtml-command-injection-in-admcgi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wan.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wanshtml-command-injection-in-admcgi",
"refsource": "MISC",
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wanshtml-command-injection-in-admcgi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35522",
"datePublished": "2022-08-09T19:51:50",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T09:36:44.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35525
Vulnerability from cvelistv5
Published
2022-08-09 19:47
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-ledonoffshtml-command-injection-in-admcgi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:47:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-ledonoffshtml-command-injection-in-admcgi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-ledonoffshtml-command-injection-in-admcgi",
"refsource": "MISC",
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-ledonoffshtml-command-injection-in-admcgi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35525",
"datePublished": "2022-08-09T19:47:38",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T09:36:44.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12125
Vulnerability from cvelistv5
Published
2020-10-02 08:12
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.wavlink.com/en_us/product/WL-WN530H4.html | x_refsource_MISC | |
| https://cerne.xyz/bugs/CVE-2020-12125 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T08:12:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wavlink.com/en_us/product/WL-WN530H4.html",
"refsource": "MISC",
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"name": "https://cerne.xyz/bugs/CVE-2020-12125",
"refsource": "MISC",
"url": "https://cerne.xyz/bugs/CVE-2020-12125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12125",
"datePublished": "2020-10-02T08:12:23",
"dateReserved": "2020-04-23T00:00:00",
"dateUpdated": "2024-08-04T11:48:58.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35518
Vulnerability from cvelistv5
Published
2022-08-09 19:56
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-nas_diskshtml-command-injection-in-nascgi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:56:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-nas_diskshtml-command-injection-in-nascgi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-nas_diskshtml-command-injection-in-nascgi",
"refsource": "MISC",
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-nas_diskshtml-command-injection-in-nascgi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35518",
"datePublished": "2022-08-09T19:56:01",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T09:36:44.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12126
Vulnerability from cvelistv5
Published
2020-10-02 08:12
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.wavlink.com/en_us/product/WL-WN530H4.html | x_refsource_MISC | |
| https://cerne.xyz/bugs/CVE-2020-12126 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T08:12:53",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12126"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wavlink.com/en_us/product/WL-WN530H4.html",
"refsource": "MISC",
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"name": "https://cerne.xyz/bugs/CVE-2020-12126",
"refsource": "MISC",
"url": "https://cerne.xyz/bugs/CVE-2020-12126"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12126",
"datePublished": "2020-10-02T08:12:53",
"dateReserved": "2020-04-23T00:00:00",
"dateUpdated": "2024-08-04T11:48:58.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35523
Vulnerability from cvelistv5
Published
2022-08-09 19:50
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#command-injection-occurs-when-adding-blacklist-in-wavlink-router-ac1200-page-cli_black_listshtml-in-firewallcgi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:50:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#command-injection-occurs-when-adding-blacklist-in-wavlink-router-ac1200-page-cli_black_listshtml-in-firewallcgi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#command-injection-occurs-when-adding-blacklist-in-wavlink-router-ac1200-page-cli_black_listshtml-in-firewallcgi",
"refsource": "MISC",
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#command-injection-occurs-when-adding-blacklist-in-wavlink-router-ac1200-page-cli_black_listshtml-in-firewallcgi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35523",
"datePublished": "2022-08-09T19:50:17",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T09:36:44.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12127
Vulnerability from cvelistv5
Published
2020-10-02 08:13
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.wavlink.com/en_us/product/WL-WN530H4.html | x_refsource_MISC | |
| https://cerne.xyz/bugs/CVE-2020-12127 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12127"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T08:13:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12127"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wavlink.com/en_us/product/WL-WN530H4.html",
"refsource": "MISC",
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"name": "https://cerne.xyz/bugs/CVE-2020-12127",
"refsource": "MISC",
"url": "https://cerne.xyz/bugs/CVE-2020-12127"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12127",
"datePublished": "2020-10-02T08:13:20",
"dateReserved": "2020-04-23T00:00:00",
"dateUpdated": "2024-08-04T11:48:58.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35538
Vulnerability from cvelistv5
Published
2022-08-09 19:03
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#command-injection-occurs-when-clicking-the-button-in-wavlink-router-ac1200-page-wifi_meshshtml-in-wirelesscgi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:03:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#command-injection-occurs-when-clicking-the-button-in-wavlink-router-ac1200-page-wifi_meshshtml-in-wirelesscgi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#command-injection-occurs-when-clicking-the-button-in-wavlink-router-ac1200-page-wifi_meshshtml-in-wirelesscgi",
"refsource": "MISC",
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#command-injection-occurs-when-clicking-the-button-in-wavlink-router-ac1200-page-wifi_meshshtml-in-wirelesscgi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35538",
"datePublished": "2022-08-09T19:03:36",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T09:36:44.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35535
Vulnerability from cvelistv5
Published
2022-08-09 19:32
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#command-injection-occurs-when-adding-extender-in-wavlink-router-ac1200-page-wifi_meshshtml-in-wirelesscgi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:32:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#command-injection-occurs-when-adding-extender-in-wavlink-router-ac1200-page-wifi_meshshtml-in-wirelesscgi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#command-injection-occurs-when-adding-extender-in-wavlink-router-ac1200-page-wifi_meshshtml-in-wirelesscgi",
"refsource": "MISC",
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#command-injection-occurs-when-adding-extender-in-wavlink-router-ac1200-page-wifi_meshshtml-in-wirelesscgi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35535",
"datePublished": "2022-08-09T19:32:10",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T09:36:44.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35526
Vulnerability from cvelistv5
Published
2022-08-09 19:43
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-loginshtml-command-injection-in-logincgi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:43:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-loginshtml-command-injection-in-logincgi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-loginshtml-command-injection-in-logincgi",
"refsource": "MISC",
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-loginshtml-command-injection-in-logincgi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35526",
"datePublished": "2022-08-09T19:43:41",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T09:36:44.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12123
Vulnerability from cvelistv5
Published
2020-10-02 08:11
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.wavlink.com/en_us/product/WL-WN530H4.html | x_refsource_MISC | |
| https://cerne.xyz/bugs/CVE-2020-12123 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12123"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T08:11:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12123"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wavlink.com/en_us/product/WL-WN530H4.html",
"refsource": "MISC",
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"name": "https://cerne.xyz/bugs/CVE-2020-12123",
"refsource": "MISC",
"url": "https://cerne.xyz/bugs/CVE-2020-12123"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12123",
"datePublished": "2020-10-02T08:11:18",
"dateReserved": "2020-04-23T00:00:00",
"dateUpdated": "2024-08-04T11:48:58.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35534
Vulnerability from cvelistv5
Published
2022-08-09 19:34
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-wifi_multi_ssidshtml-command-injection-in-wirelesscgi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:34:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-wifi_multi_ssidshtml-command-injection-in-wirelesscgi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-wifi_multi_ssidshtml-command-injection-in-wirelesscgi",
"refsource": "MISC",
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-wifi_multi_ssidshtml-command-injection-in-wirelesscgi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35534",
"datePublished": "2022-08-09T19:34:33",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T09:36:44.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-04-27 15:15
Modified
2024-11-21 04:59
Severity ?
Summary
An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed externally without any authentication. All the pages follow the naming convention live_(string).shtml. Among the information disclosed is: interface status logs, IP address of the device, MAC address of the device, model and current firmware version, location, all running processes, all interfaces and their statuses, all current DHCP leases and the associated hostnames, all other wireless networks in range of the router, memory statistics, and components of the configuration of the device such as enabled features. Affected devices: Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3,Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Roni-Carta/nyra | Not Applicable, Third Party Advisory | |
| cve@mitre.org | https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266 | Third Party Advisory | |
| cve@mitre.org | https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266-affected_devices | Third Party Advisory | |
| cve@mitre.org | https://github.com/sudo-jtcsec/Nyra | Broken Link | |
| cve@mitre.org | https://www.wavlink.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Roni-Carta/nyra | Not Applicable, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266-affected_devices | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sudo-jtcsec/Nyra | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.wavlink.com | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wl-wn579g3_firmware | m79x3.v5030.180719 | |
| wavlink | wl-wn579g3 | - | |
| wavlink | wl-wn575a3_firmware | rpt75a3.v4300.180801 | |
| wavlink | wl-wn575a3 | - | |
| wavlink | wl-wn530hg4_firmware | m30hg4.v5030.191116 | |
| wavlink | wl-wn530hg4 | - | |
| wavlink | wn531g3_firmware | - | |
| wavlink | wn531g3 | - | |
| wavlink | wn533a8_firmware | - | |
| wavlink | wn533a8 | - | |
| wavlink | wn531a6_firmware | - | |
| wavlink | wn531a6 | - | |
| wavlink | wn551k1_firmware | - | |
| wavlink | wn551k1 | - | |
| wavlink | wn535g3_firmware | - | |
| wavlink | wn535g3 | - | |
| wavlink | wn530h4_firmware | - | |
| wavlink | wn530h4 | - | |
| wavlink | wn57x93_firmware | - | |
| wavlink | wn57x93 | - | |
| wavlink | wn578a2_firmware | - | |
| wavlink | wn578a2 | - | |
| wavlink | wn579g3_firmware | - | |
| wavlink | wn579g3 | - | |
| wavlink | wn579x3_firmware | - | |
| wavlink | wn579x3 | - | |
| wavlink | jetstream_ac3000_firmware | - | |
| wavlink | jetstream_ac3000 | - | |
| wavlink | jetstream_erac3000_firmware | - | |
| wavlink | jetstream_erac3000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wl-wn579g3_firmware:m79x3.v5030.180719:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5B5133-6117-46F5-952B-83E07431103A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wl-wn579g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A953535F-7F4A-4EE5-B410-7650FC522E47",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wl-wn575a3_firmware:rpt75a3.v4300.180801:*:*:*:*:*:*:*",
"matchCriteriaId": "E5F36CD2-95F5-4EEA-AFA7-F7D454B54500",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wl-wn575a3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E486B15E-04DA-4DF6-A1A9-A37171131F44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wl-wn530hg4_firmware:m30hg4.v5030.191116:*:*:*:*:*:*:*",
"matchCriteriaId": "8BE37C65-A34D-43A3-88D2-A37F420C5003",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wl-wn530hg4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C560108-445A-41BB-8D93-7FF5261FF54A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE015CD-5B74-46BF-96E1-2ABB1EA36BDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE2AAA4-71D2-4B70-81FB-836F1A419DBC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531a6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD8ACD6-6E1A-4E10-BDE4-A1ECC7F42D05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531a6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E958D7CA-F423-4698-8C17-4FD4D601EE0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn551k1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "638D4CDE-A83C-4CDA-A7B5-4F66C57A632D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn551k1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8715346B-4E4E-484F-9783-848D215A1F6A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn57x93_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EE1B149-335C-4111-BD84-346E7B53F91F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn57x93:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB659B8-9D39-4FD7-BF22-D8324C81C027",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn578a2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F99776B-4224-45CA-80DA-ABF0F6FBDC96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn578a2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "251C549D-78A7-4A3D-8F9C-2737FC2E1561",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn579g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58403BD0-AE29-4A3F-9E9E-69B94AEDDAF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn579g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE4FEE5-D863-469E-B83A-53E250B55433",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn579x3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49FB3F17-942A-4836-86A0-84FD8352EEE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn579x3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "451F26A1-FE00-4894-9199-2C86CD6EE2C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:jetstream_ac3000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC80FB1-E311-418E-9BBF-CECC47E0516C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:jetstream_ac3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7E3DC7-45D4-413A-8842-E5247F39988E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:jetstream_erac3000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31E165AC-3CBC-46AA-A495-1E9633C09BC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:jetstream_erac3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "518EA6B0-FDAE-45F0-B18B-2C15C72EDF4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed externally without any authentication. All the pages follow the naming convention live_(string).shtml. Among the information disclosed is: interface status logs, IP address of the device, MAC address of the device, model and current firmware version, location, all running processes, all interfaces and their statuses, all current DHCP leases and the associated hostnames, all other wireless networks in range of the router, memory statistics, and components of the configuration of the device such as enabled features. Affected devices: Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3,Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000"
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en donde hay m\u00faltiples p\u00e1ginas accesibles externamente que no requieren ning\u00fan tipo de autenticaci\u00f3n, y almacenan informaci\u00f3n del sistema para uso interno. Los dispositivos consultan autom\u00e1ticamente estas p\u00e1ginas para actualizar los paneles de control y otras estad\u00edsticas, pero las p\u00e1ginas puede ser accedidas externamente sin ninguna autenticaci\u00f3n. Todas las p\u00e1ginas siguen la convenci\u00f3n de nombres live_(string).shtml. Entre la informaci\u00f3n divulgada se encuentran: registros de estado de las interfaces, direcci\u00f3n IP del dispositivo, direcci\u00f3n MAC del dispositivo, modelo y versi\u00f3n del firmware actual, ubicaci\u00f3n, todos los procesos en ejecuci\u00f3n, todas las interfaces y sus estados, todas las concesiones de DHCP actuales y los nombres de host asociados, todas las dem\u00e1s redes inal\u00e1mbricas en el rango del enrutador, estad\u00edsticas de memoria y componentes de la configuraci\u00f3n del dispositivo, tal y como las funcionalidades habilitadas. Dispositivos afectados: Los dispositivos afectados son: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, y Jetstream AC3000/ERAC3000"
}
],
"id": "CVE-2020-12266",
"lastModified": "2024-11-21T04:59:24.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-27T15:15:12.860",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://github.com/Roni-Carta/nyra"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266-affected_devices"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/sudo-jtcsec/Nyra"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.wavlink.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://github.com/Roni-Carta/nyra"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-12266-affected_devices"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/sudo-jtcsec/Nyra"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.wavlink.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-27 21:15
Modified
2024-11-13 17:57
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://docs.google.com/document/d/11NGSJBOZzbgm_qanDno6SyucWyso7Em6/ | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.281969 | Permissions Required, Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.281969 | Permissions Required, Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.427272 | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn530h4_firmware | 20220721 | |
| wavlink | wn530h4 | - | |
| wavlink | wn530hg4_firmware | 20220809 | |
| wavlink | wn530hg4 | - | |
| wavlink | wn572hg3_firmware | 20221028 | |
| wavlink | wn572hg3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:20220721:*:*:*:*:*:*:*",
"matchCriteriaId": "85ED923F-4EFA-447C-99E5-B48D1251B66C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530hg4_firmware:20220809:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2EABC3-DB43-428A-B229-A003B31184D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ACAF792-450A-4C0D-81DF-CC61EBCA7305",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*",
"matchCriteriaId": "1F22D66E-063D-4954-AAF8-70C3E5D50EE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D85484EB-22F0-4140-9B9F-AC5EB24159DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en WAVLINK WN530H4, WN530HG4 y WN572HG3 hasta el 28/10/2022. Se ha calificado como cr\u00edtica. Este problema afecta a la funci\u00f3n set_ipv6 del archivo firewall.cgi. La manipulaci\u00f3n del argumento dhcpGateway provoca la inyecci\u00f3n de comandos. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"id": "CVE-2024-10428",
"lastModified": "2024-11-13T17:57:51.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "HIGH",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2024-10-27T21:15:02.333",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://docs.google.com/document/d/11NGSJBOZzbgm_qanDno6SyucWyso7Em6/"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.281969"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.281969"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.427272"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-02 09:15
Modified
2024-11-21 04:59
Severity ?
Summary
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cerne.xyz/bugs/CVE-2020-12124 | Third Party Advisory | |
| cve@mitre.org | https://www.wavlink.com/en_us/product/WL-WN530H4.html | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cerne.xyz/bugs/CVE-2020-12124 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.wavlink.com/en_us/product/WL-WN530H4.html | Product, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn530h4_firmware | m30h4.v5030.190403 | |
| wavlink | wn530h4 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:m30h4.v5030.190403:*:*:*:*:*:*:*",
"matchCriteriaId": "1723A1C4-23B8-4BF3-8229-7A71B99F2707",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de la l\u00ednea de comandos remota en el endpoint /cgi-bin/live_api.cgi del WAVLINK WN530H4 versi\u00f3n M30H4.V5030.190403, permite a un atacante ejecutar comandos Linux arbitrarios como root sin autenticaci\u00f3n"
}
],
"id": "CVE-2020-12124",
"lastModified": "2024-11-21T04:59:17.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-02T09:15:13.087",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12124"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn572hp3_firmware | - | |
| wavlink | wn572hp3 | - | |
| wavlink | wn533a8_firmware | - | |
| wavlink | wn533a8 | - | |
| wavlink | wn530h4_firmware | - | |
| wavlink | wn530h4 | - | |
| wavlink | wn535g3_firmware | - | |
| wavlink | wn535g3 | - | |
| wavlink | wn531p3_firmware | - | |
| wavlink | wn531p3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10B4A3-06B7-4D00-B19D-33AA1BA0B4F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8FDD60-72C0-4B79-A34E-2D421C148D1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCB68D6-1392-4C63-ABDE-D5BE2E44A4BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2049DBB6-8443-447E-A537-B8F44F533324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml."
},
{
"lang": "es",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3, el archivo adm.cgi no presenta ning\u00fan filtro en los par\u00e1metros: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid y wlan_channel, lo que conlleva a una inyecci\u00f3n de comandos en la p\u00e1gina /wizard_rep.shtml"
}
],
"id": "CVE-2022-35524",
"lastModified": "2024-11-21T07:11:17.767",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:56.097",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wizard_repshtml-command-injection-in-admcgi"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wizard_repshtml-command-injection-in-admcgi"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-07 18:15
Modified
2024-11-21 04:56
Severity ?
Summary
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Roni-Carta/nyra | Not Applicable, Third Party Advisory | |
| cve@mitre.org | https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974 | Third Party Advisory | |
| cve@mitre.org | https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices | Third Party Advisory | |
| cve@mitre.org | https://github.com/sudo-jtcsec/Nyra | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Roni-Carta/nyra | Not Applicable, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sudo-jtcsec/Nyra | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wl-wn575a3_firmware | rpt75a3.v4300.180801 | |
| wavlink | wl-wn575a3 | - | |
| wavlink | wl-wn579g3_firmware | m79x3.v5030.180719 | |
| wavlink | wl-wn579g3 | - | |
| wavlink | wn531a6_firmware | - | |
| wavlink | wn531a6 | - | |
| wavlink | wn535g3_firmware | - | |
| wavlink | wn535g3 | - | |
| wavlink | wn530h4_firmware | - | |
| wavlink | wn530h4 | - | |
| wavlink | wn57x93_firmware | - | |
| wavlink | wn57x93 | - | |
| wavlink | wn572hg3_firmware | - | |
| wavlink | wn572hg3 | - | |
| wavlink | wn575a4_firmware | - | |
| wavlink | wn575a4 | - | |
| wavlink | wn578a2_firmware | - | |
| wavlink | wn578a2 | - | |
| wavlink | wn579g3_firmware | - | |
| wavlink | wn579g3 | - | |
| wavlink | wn579x3_firmware | - | |
| wavlink | wn579x3 | - | |
| wavlink | jetstream_ac3000_firmware | - | |
| wavlink | jetstream_ac3000 | - | |
| wavlink | jetstream_erac3000_firmware | - | |
| wavlink | jetstream_erac3000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wl-wn575a3_firmware:rpt75a3.v4300.180801:*:*:*:*:*:*:*",
"matchCriteriaId": "E5F36CD2-95F5-4EEA-AFA7-F7D454B54500",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wl-wn575a3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E486B15E-04DA-4DF6-A1A9-A37171131F44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wl-wn579g3_firmware:m79x3.v5030.180719:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5B5133-6117-46F5-952B-83E07431103A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wl-wn579g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A953535F-7F4A-4EE5-B410-7650FC522E47",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531a6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD8ACD6-6E1A-4E10-BDE4-A1ECC7F42D05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531a6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E958D7CA-F423-4698-8C17-4FD4D601EE0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn57x93_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EE1B149-335C-4111-BD84-346E7B53F91F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn57x93:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB659B8-9D39-4FD7-BF22-D8324C81C027",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hg3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "442C07D4-A5F1-4BD5-9727-523D57DB18F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D85484EB-22F0-4140-9B9F-AC5EB24159DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn575a4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB35DB2-9E80-44F8-90F1-D347E288960C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn575a4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA899EFB-5557-41A6-810B-A87161556798",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn578a2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F99776B-4224-45CA-80DA-ABF0F6FBDC96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn578a2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "251C549D-78A7-4A3D-8F9C-2737FC2E1561",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn579g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58403BD0-AE29-4A3F-9E9E-69B94AEDDAF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn579g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE4FEE5-D863-469E-B83A-53E250B55433",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn579x3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49FB3F17-942A-4836-86A0-84FD8352EEE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn579x3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "451F26A1-FE00-4894-9199-2C86CD6EE2C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:jetstream_ac3000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC80FB1-E311-418E-9BBF-CECC47E0516C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:jetstream_ac3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7E3DC7-45D4-413A-8842-E5247F39988E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:jetstream_erac3000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31E165AC-3CBC-46AA-A495-1E9633C09BC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:jetstream_erac3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "518EA6B0-FDAE-45F0-B18B-2C15C72EDF4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000"
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los dispositivos que afecta a una funcionalidad backup. Una petici\u00f3n POST creada devuelve la configuraci\u00f3n actual del dispositivo en texto plano, incluida la contrase\u00f1a del administrador. No es requerida una autenticaci\u00f3n. Dispositivos afectados: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, y Jetstream AC3000/ERAC3000"
}
],
"id": "CVE-2020-10974",
"lastModified": "2024-11-21T04:56:29.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-07T18:15:11.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://github.com/Roni-Carta/nyra"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/sudo-jtcsec/Nyra"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://github.com/Roni-Carta/nyra"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/sudo-jtcsec/Nyra"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn572hp3_firmware | - | |
| wavlink | wn572hp3 | - | |
| wavlink | wn533a8_firmware | - | |
| wavlink | wn533a8 | - | |
| wavlink | wn530h4_firmware | - | |
| wavlink | wn530h4 | - | |
| wavlink | wn535g3_firmware | - | |
| wavlink | wn535g3 | - | |
| wavlink | wn531p3_firmware | - | |
| wavlink | wn531p3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10B4A3-06B7-4D00-B19D-33AA1BA0B4F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8FDD60-72C0-4B79-A34E-2D421C148D1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCB68D6-1392-4C63-ABDE-D5BE2E44A4BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2049DBB6-8443-447E-A537-B8F44F533324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn\u0027t appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml."
},
{
"lang": "es",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3, el archivo api.cgi no presenta filtro en el par\u00e1metro ufconf, y \u00e9ste es un par\u00e1metro oculto que no aparece en el cuerpo del POST, pero se presenta en el binario del cgi. Esto conlleva a una inyecci\u00f3n de comandos en la p\u00e1gina /ledonoff.shtml"
}
],
"id": "CVE-2022-35520",
"lastModified": "2024-11-21T07:11:17.140",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:55.190",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-ledonoffshtml-hidden-parameter-ufconf-command-injection-in-apicgi"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-ledonoffshtml-hidden-parameter-ufconf-command-injection-in-apicgi"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn572hp3_firmware | - | |
| wavlink | wn572hp3 | - | |
| wavlink | wn533a8_firmware | - | |
| wavlink | wn533a8 | - | |
| wavlink | wn530h4_firmware | - | |
| wavlink | wn530h4 | - | |
| wavlink | wn535g3_firmware | - | |
| wavlink | wn535g3 | - | |
| wavlink | wn531p3_firmware | - | |
| wavlink | wn531p3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10B4A3-06B7-4D00-B19D-33AA1BA0B4F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8FDD60-72C0-4B79-A34E-2D421C148D1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCB68D6-1392-4C63-ABDE-D5BE2E44A4BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2049DBB6-8443-447E-A537-B8F44F533324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml."
},
{
"lang": "es",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3, el archivo login.cgi no presenta ning\u00fan filtro en el par\u00e1metro key, lo que conlleva a una inyecci\u00f3n de comandos en la p\u00e1gina /login.shtml"
}
],
"id": "CVE-2022-35526",
"lastModified": "2024-11-21T07:11:18.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:56.513",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-loginshtml-command-injection-in-logincgi"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-loginshtml-command-injection-in-logincgi"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn572hp3_firmware | - | |
| wavlink | wn572hp3 | - | |
| wavlink | wn533a8_firmware | - | |
| wavlink | wn533a8 | - | |
| wavlink | wn530h4_firmware | - | |
| wavlink | wn530h4 | - | |
| wavlink | wn535g3_firmware | - | |
| wavlink | wn535g3 | - | |
| wavlink | wn531p3_firmware | - | |
| wavlink | wn531p3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10B4A3-06B7-4D00-B19D-33AA1BA0B4F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8FDD60-72C0-4B79-A34E-2D421C148D1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCB68D6-1392-4C63-ABDE-D5BE2E44A4BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2049DBB6-8443-447E-A537-B8F44F533324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml."
},
{
"lang": "es",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3, el archivo adm.cgi no presenta ning\u00fan filtro en el par\u00e1metro led_switch, lo que conlleva a una inyecci\u00f3n de comandos en la p\u00e1gina /ledonoff.shtml"
}
],
"id": "CVE-2022-35525",
"lastModified": "2024-11-21T07:11:17.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:56.287",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-ledonoffshtml-command-injection-in-admcgi"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-ledonoffshtml-command-injection-in-admcgi"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn572hp3_firmware | - | |
| wavlink | wn572hp3 | - | |
| wavlink | wn533a8_firmware | - | |
| wavlink | wn533a8 | - | |
| wavlink | wn530h4_firmware | - | |
| wavlink | wn530h4 | - | |
| wavlink | wn535g3_firmware | - | |
| wavlink | wn535g3 | - | |
| wavlink | wn531p3_firmware | - | |
| wavlink | wn531p3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10B4A3-06B7-4D00-B19D-33AA1BA0B4F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8FDD60-72C0-4B79-A34E-2D421C148D1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCB68D6-1392-4C63-ABDE-D5BE2E44A4BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2049DBB6-8443-447E-A537-B8F44F533324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml."
},
{
"lang": "es",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3, el archivo wireless.cgi no presenta filtro en los par\u00e1metros: mac_5g y Newname, lo que conlleva a una inyecci\u00f3n de comandos en la p\u00e1gina /wifi_mesh.shtml"
}
],
"id": "CVE-2022-35537",
"lastModified": "2024-11-21T07:11:18.937",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:57.633",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-wifi_meshshtml-hidden-parameter-command-injection-in-wirelesscgi"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-wifi_meshshtml-hidden-parameter-command-injection-in-wirelesscgi"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn572hp3_firmware | - | |
| wavlink | wn572hp3 | - | |
| wavlink | wn533a8_firmware | - | |
| wavlink | wn533a8 | - | |
| wavlink | wn530h4_firmware | - | |
| wavlink | wn530h4 | - | |
| wavlink | wn535g3_firmware | - | |
| wavlink | wn535g3 | - | |
| wavlink | wn531p3_firmware | - | |
| wavlink | wn531p3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10B4A3-06B7-4D00-B19D-33AA1BA0B4F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8FDD60-72C0-4B79-A34E-2D421C148D1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCB68D6-1392-4C63-ABDE-D5BE2E44A4BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2049DBB6-8443-447E-A537-B8F44F533324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml."
},
{
"lang": "es",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3, el archivo qos.cgi no presenta ning\u00fan filtro en los par\u00e1metros: cli_list y cli_num, lo que conlleva a una inyecci\u00f3n de comandos en la p\u00e1gina /qos.shtml"
}
],
"id": "CVE-2022-35533",
"lastModified": "2024-11-21T07:11:18.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:56.813",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-qosshtml-hidden-parameters-command-injection-in-qoscgi"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-qosshtml-hidden-parameters-command-injection-in-qoscgi"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-27 21:15
Modified
2024-11-13 17:58
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://docs.google.com/document/d/1ktuys5jr7MKwz503QBbEfxZ5mZbXlbvl/ | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.281970 | Permissions Required, Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.281970 | Permissions Required, Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.427274 | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn530h4_firmware | 20220721 | |
| wavlink | wn530h4 | - | |
| wavlink | wn530hg4_firmware | 20220809 | |
| wavlink | wn530hg4 | - | |
| wavlink | wn572hg3_firmware | 20221028 | |
| wavlink | wn572hg3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:20220721:*:*:*:*:*:*:*",
"matchCriteriaId": "85ED923F-4EFA-447C-99E5-B48D1251B66C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530hg4_firmware:20220809:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2EABC3-DB43-428A-B229-A003B31184D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ACAF792-450A-4C0D-81DF-CC61EBCA7305",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*",
"matchCriteriaId": "1F22D66E-063D-4954-AAF8-70C3E5D50EE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D85484EB-22F0-4140-9B9F-AC5EB24159DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en WAVLINK WN530H4, WN530HG4 y WN572HG3 hasta 20221028. La funci\u00f3n set_ipv6 del archivo internet.cgi est\u00e1 afectada. La manipulaci\u00f3n del argumento IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr provoca la inyecci\u00f3n de comandos. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n pero no respondi\u00f3 de ninguna manera."
}
],
"id": "CVE-2024-10429",
"lastModified": "2024-11-13T17:58:18.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "HIGH",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2024-10-27T21:15:02.603",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://docs.google.com/document/d/1ktuys5jr7MKwz503QBbEfxZ5mZbXlbvl/"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.281970"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.281970"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.427274"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn572hp3_firmware | - | |
| wavlink | wn572hp3 | - | |
| wavlink | wn533a8_firmware | - | |
| wavlink | wn533a8 | - | |
| wavlink | wn530h4_firmware | - | |
| wavlink | wn530h4 | - | |
| wavlink | wn535g3_firmware | - | |
| wavlink | wn535g3 | - | |
| wavlink | wn531p3_firmware | - | |
| wavlink | wn531p3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10B4A3-06B7-4D00-B19D-33AA1BA0B4F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8FDD60-72C0-4B79-A34E-2D421C148D1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCB68D6-1392-4C63-ABDE-D5BE2E44A4BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2049DBB6-8443-447E-A537-B8F44F533324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml."
},
{
"lang": "es",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3, el archivo wireless.cgi no presenta filtro en los par\u00e1metros: delete_list, delete_al_mac, b_delete_list y b_delete_al_mac, lo que conlleva a una inyecci\u00f3n de comandos en la p\u00e1gina /wifi_mesh.shtml"
}
],
"id": "CVE-2022-35538",
"lastModified": "2024-11-21T07:11:19.120",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:57.793",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#command-injection-occurs-when-clicking-the-button-in-wavlink-router-ac1200-page-wifi_meshshtml-in-wirelesscgi"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#command-injection-occurs-when-clicking-the-button-in-wavlink-router-ac1200-page-wifi_meshshtml-in-wirelesscgi"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security.shtml.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn572hp3_firmware | - | |
| wavlink | wn572hp3 | - | |
| wavlink | wn533a8_firmware | - | |
| wavlink | wn533a8 | - | |
| wavlink | wn530h4_firmware | - | |
| wavlink | wn530h4 | - | |
| wavlink | wn535g3_firmware | - | |
| wavlink | wn535g3 | - | |
| wavlink | wn531p3_firmware | - | |
| wavlink | wn531p3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10B4A3-06B7-4D00-B19D-33AA1BA0B4F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8FDD60-72C0-4B79-A34E-2D421C148D1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCB68D6-1392-4C63-ABDE-D5BE2E44A4BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2049DBB6-8443-447E-A537-B8F44F533324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security.shtml."
},
{
"lang": "es",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3, el archivo firewall.cgi no presenta filtros en los par\u00e1metros: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled y blockSynFloodEnabled, lo que conlleva a una inyecci\u00f3n de comandos en la p\u00e1gina /man_security.shtml"
}
],
"id": "CVE-2022-35521",
"lastModified": "2024-11-21T07:11:17.293",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:55.520",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-man_securityshtml-command-injection-in-firewallcgi"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-man_securityshtml-command-injection-in-firewallcgi"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn572hp3_firmware | - | |
| wavlink | wn572hp3 | - | |
| wavlink | wn533a8_firmware | - | |
| wavlink | wn533a8 | - | |
| wavlink | wn530h4_firmware | - | |
| wavlink | wn530h4 | - | |
| wavlink | wn535g3_firmware | - | |
| wavlink | wn535g3 | - | |
| wavlink | wn531p3_firmware | - | |
| wavlink | wn531p3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10B4A3-06B7-4D00-B19D-33AA1BA0B4F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8FDD60-72C0-4B79-A34E-2D421C148D1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCB68D6-1392-4C63-ABDE-D5BE2E44A4BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2049DBB6-8443-447E-A537-B8F44F533324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml."
},
{
"lang": "es",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3, el archivo wireless.cgi no presenta ning\u00fan filtro en el par\u00e1metro hiddenSSID32g y SSID2G2, lo que conlleva a una inyecci\u00f3n de comandos en la p\u00e1gina /wifi_multi_ssid.shtml"
}
],
"id": "CVE-2022-35534",
"lastModified": "2024-11-21T07:11:18.420",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:57.083",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-wifi_multi_ssidshtml-command-injection-in-wirelesscgi"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-wifi_multi_ssidshtml-command-injection-in-wirelesscgi"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn572hp3_firmware | - | |
| wavlink | wn572hp3 | - | |
| wavlink | wn533a8_firmware | - | |
| wavlink | wn533a8 | - | |
| wavlink | wn530h4_firmware | - | |
| wavlink | wn530h4 | - | |
| wavlink | wn535g3_firmware | - | |
| wavlink | wn535g3 | - | |
| wavlink | wn531p3_firmware | - | |
| wavlink | wn531p3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10B4A3-06B7-4D00-B19D-33AA1BA0B4F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8FDD60-72C0-4B79-A34E-2D421C148D1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCB68D6-1392-4C63-ABDE-D5BE2E44A4BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2049DBB6-8443-447E-A537-B8F44F533324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml."
},
{
"lang": "es",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3, el archivo firewall.cgi no presenta filtro en el par\u00e1metro del_mac y en el par\u00e1metro flag, lo que conlleva a una inyecci\u00f3n de comandos en la p\u00e1gina /cli_black_list.shtml"
}
],
"id": "CVE-2022-35523",
"lastModified": "2024-11-21T07:11:17.607",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:55.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#command-injection-occurs-when-adding-blacklist-in-wavlink-router-ac1200-page-cli_black_listshtml-in-firewallcgi"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#command-injection-occurs-when-adding-blacklist-in-wavlink-router-ac1200-page-cli_black_listshtml-in-firewallcgi"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-02 09:15
Modified
2024-11-21 04:59
Severity ?
Summary
Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cerne.xyz/bugs/CVE-2020-12126 | Third Party Advisory | |
| cve@mitre.org | https://www.wavlink.com/en_us/product/WL-WN530H4.html | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cerne.xyz/bugs/CVE-2020-12126 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.wavlink.com/en_us/product/WL-WN530H4.html | Product, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn530h4_firmware | m30h4.v5030.190403 | |
| wavlink | wn530h4 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:m30h4.v5030.190403:*:*:*:*:*:*:*",
"matchCriteriaId": "1723A1C4-23B8-4BF3-8229-7A71B99F2707",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de omisi\u00f3n de autenticaci\u00f3n en el endpoint /cgi-bin/ del WAVLINK WN530H4 versi\u00f3n M30H4.V5030.190403, permiten a un atacante filtrar la configuraci\u00f3n del enrutador, cambiar variables de configuraci\u00f3n y causar una denegaci\u00f3n de servicio por medio de un endpoint no autenticado"
}
],
"id": "CVE-2020-12126",
"lastModified": "2024-11-21T04:59:18.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-02T09:15:13.197",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12126"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-02 09:15
Modified
2024-11-21 04:59
Severity ?
Summary
An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cerne.xyz/bugs/CVE-2020-12127 | Third Party Advisory | |
| cve@mitre.org | https://www.wavlink.com/en_us/product/WL-WN530H4.html | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cerne.xyz/bugs/CVE-2020-12127 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.wavlink.com/en_us/product/WL-WN530H4.html | Product, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn530h4_firmware | m30h4.v5030.190403 | |
| wavlink | wn530h4 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:m30h4.v5030.190403:*:*:*:*:*:*:*",
"matchCriteriaId": "1723A1C4-23B8-4BF3-8229-7A71B99F2707",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication."
},
{
"lang": "es",
"value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el endpoint /cgi-bin/ExportAllSettings.sh del WAVLINK WN530H4 versi\u00f3n M30H4.V5030.190403, permite a un atacante filtrar la configuraci\u00f3n del enrutador, incluyendo los detalles de inicio de sesi\u00f3n en texto sin cifrar, la configuraci\u00f3n DNS y otra informaci\u00f3n confidencial sin autenticaci\u00f3n"
}
],
"id": "CVE-2020-12127",
"lastModified": "2024-11-21T04:59:18.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-02T09:15:13.257",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12127"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-20 08:15
Modified
2024-10-23 16:16
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://docs.google.com/document/d/13XWnFITW31u5J8HeQj8Zm-7oLt-M1DtQ/ | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.280967 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.280967 | Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?submit.422811 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn530h4_firmware | * | |
| wavlink | wn530h4 | - | |
| wavlink | wn530hg4_firmware | * | |
| wavlink | wn530hg4 | - | |
| wavlink | wn572hg3_firmware | * | |
| wavlink | wn572hg3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6EC91A-7820-4387-ACB7-3747313DBDB0",
"versionEndIncluding": "20221028",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530hg4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80C4ED9C-1FC9-40F2-807B-5C90B69EF406",
"versionEndIncluding": "20221028",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ACAF792-450A-4C0D-81DF-CC61EBCA7305",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hg3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F946982-3A15-4E5D-838B-CBDC56A813A2",
"versionEndIncluding": "20221028",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D85484EB-22F0-4140-9B9F-AC5EB24159DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en WAVLINK WN530H4, WN530HG4 y WN572HG3 hasta el 28/10/2022 y se ha clasificado como cr\u00edtica. Este problema afecta a la funci\u00f3n ping_ddns del archivo internet.cgi. La manipulaci\u00f3n del argumento DDNS provoca la inyecci\u00f3n de comandos. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"id": "CVE-2024-10193",
"lastModified": "2024-10-23T16:16:11.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "LOW",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2024-10-20T08:15:02.300",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://docs.google.com/document/d/13XWnFITW31u5J8HeQj8Zm-7oLt-M1DtQ/"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.280967"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.280967"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?submit.422811"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-02 09:15
Modified
2024-11-21 04:59
Severity ?
Summary
A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cerne.xyz/bugs/CVE-2020-12125 | Third Party Advisory | |
| cve@mitre.org | https://www.wavlink.com/en_us/product/WL-WN530H4.html | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cerne.xyz/bugs/CVE-2020-12125 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.wavlink.com/en_us/product/WL-WN530H4.html | Product, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn530h4_firmware | m30h4.v5030.190403 | |
| wavlink | wn530h4 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:m30h4.v5030.190403:*:*:*:*:*:*:*",
"matchCriteriaId": "1723A1C4-23B8-4BF3-8229-7A71B99F2707",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento del b\u00fafer remoto en el endpoint /cgi-bin/makeRequest.cgi del WAVLINK WN530H4 versi\u00f3n M30H4.V5030.190403, permite a un atacante ejecutar instrucciones de m\u00e1quina arbitrarias como root sin autenticaci\u00f3n"
}
],
"id": "CVE-2020-12125",
"lastModified": "2024-11-21T04:59:17.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-02T09:15:13.147",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12125"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-02 09:15
Modified
2024-11-21 04:59
Severity ?
Summary
CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cerne.xyz/bugs/CVE-2020-12123 | Third Party Advisory | |
| cve@mitre.org | https://www.wavlink.com/en_us/product/WL-WN530H4.html | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cerne.xyz/bugs/CVE-2020-12123 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.wavlink.com/en_us/product/WL-WN530H4.html | Product, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn530h4_firmware | m30h4.v5030.190403 | |
| wavlink | wn530h4 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:m30h4.v5030.190403:*:*:*:*:*:*:*",
"matchCriteriaId": "1723A1C4-23B8-4BF3-8229-7A71B99F2707",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work."
},
{
"lang": "es",
"value": "Unas vulnerabilidades de tipo CSRF en el directorio /cgi-bin/ del WAVLINK WN530H4 versi\u00f3n M30H4.V5030.190403, permiten a un atacante acceder remotamente a los endpoints del enrutador, porque estos endpoints no contienen tokens de CSRF.\u0026#xa0;Si un usuario est\u00e1 autenticado en el portal del enrutador, entonces este ataque funcionar\u00e1"
}
],
"id": "CVE-2020-12123",
"lastModified": "2024-11-21T04:59:17.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-02T09:15:13.040",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12123"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cerne.xyz/bugs/CVE-2020-12123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.wavlink.com/en_us/product/WL-WN530H4.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-20 08:15
Modified
2024-10-23 16:16
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://docs.google.com/document/d/1PodIMRe1f0Ql83jUXV5VIoc-Xsf9VC1K | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.280968 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.280968 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?submit.422834 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn530h4_firmware | * | |
| wavlink | wn530h4 | - | |
| wavlink | wn530hg4_firmware | * | |
| wavlink | wn530hg4 | - | |
| wavlink | wn572hg3_firmware | * | |
| wavlink | wn572hg3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6EC91A-7820-4387-ACB7-3747313DBDB0",
"versionEndIncluding": "20221028",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530hg4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80C4ED9C-1FC9-40F2-807B-5C90B69EF406",
"versionEndIncluding": "20221028",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ACAF792-450A-4C0D-81DF-CC61EBCA7305",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hg3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F946982-3A15-4E5D-838B-CBDC56A813A2",
"versionEndIncluding": "20221028",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D85484EB-22F0-4140-9B9F-AC5EB24159DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en WAVLINK WN530H4, WN530HG4 y WN572HG3 hasta el 28/10/2022. Se ha clasificado como cr\u00edtica. La funci\u00f3n Goto_chidx del archivo login.cgi del componente Front-End Authentication Page est\u00e1 afectada. La manipulaci\u00f3n del argumento wlanUrl provoca un desbordamiento del b\u00fafer basado en la pila. El ataque solo puede iniciarse dentro de la red local. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"id": "CVE-2024-10194",
"lastModified": "2024-10-23T16:16:49.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "HIGH",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2024-10-20T08:15:02.710",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://docs.google.com/document/d/1PodIMRe1f0Ql83jUXV5VIoc-Xsf9VC1K"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.280968"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?id.280968"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?submit.422834"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn572hp3_firmware | - | |
| wavlink | wn572hp3 | - | |
| wavlink | wn533a8_firmware | - | |
| wavlink | wn533a8 | - | |
| wavlink | wn530h4_firmware | - | |
| wavlink | wn530h4 | - | |
| wavlink | wn535g3_firmware | - | |
| wavlink | wn535g3 | - | |
| wavlink | wn531p3_firmware | - | |
| wavlink | wn531p3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10B4A3-06B7-4D00-B19D-33AA1BA0B4F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8FDD60-72C0-4B79-A34E-2D421C148D1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCB68D6-1392-4C63-ABDE-D5BE2E44A4BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2049DBB6-8443-447E-A537-B8F44F533324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml."
},
{
"lang": "es",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3, el archivo nas.cgi no presenta ning\u00fan filtro en los par\u00e1metros: User1Passwd y User1, lo que conlleva a una inyecci\u00f3n de comandos en la p\u00e1gina /nas_disk.shtml"
}
],
"id": "CVE-2022-35518",
"lastModified": "2024-11-21T07:11:16.843",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:54.737",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-nas_diskshtml-command-injection-in-nascgi"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-nas_diskshtml-command-injection-in-nascgi"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn572hp3_firmware | - | |
| wavlink | wn572hp3 | - | |
| wavlink | wn533a8_firmware | - | |
| wavlink | wn533a8 | - | |
| wavlink | wn530h4_firmware | - | |
| wavlink | wn530h4 | - | |
| wavlink | wn535g3_firmware | - | |
| wavlink | wn535g3 | - | |
| wavlink | wn531p3_firmware | - | |
| wavlink | wn531p3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10B4A3-06B7-4D00-B19D-33AA1BA0B4F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8FDD60-72C0-4B79-A34E-2D421C148D1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCB68D6-1392-4C63-ABDE-D5BE2E44A4BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2049DBB6-8443-447E-A537-B8F44F533324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml."
},
{
"lang": "es",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3, el archivo wireless.cgi no presenta ning\u00fan filtro en el par\u00e1metro macAddr, lo que conlleva a una inyecci\u00f3n de comandos en la p\u00e1gina /wifi_mesh.shtml"
}
],
"id": "CVE-2022-35535",
"lastModified": "2024-11-21T07:11:18.587",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:57.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#command-injection-occurs-when-adding-extender-in-wavlink-router-ac1200-page-wifi_meshshtml-in-wirelesscgi"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#command-injection-occurs-when-adding-extender-in-wavlink-router-ac1200-page-wifi_meshshtml-in-wirelesscgi"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wan.shtml.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn572hp3_firmware | - | |
| wavlink | wn572hp3 | - | |
| wavlink | wn533a8_firmware | - | |
| wavlink | wn533a8 | - | |
| wavlink | wn530h4_firmware | - | |
| wavlink | wn530h4 | - | |
| wavlink | wn535g3_firmware | - | |
| wavlink | wn535g3 | - | |
| wavlink | wn531p3_firmware | - | |
| wavlink | wn531p3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10B4A3-06B7-4D00-B19D-33AA1BA0B4F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8FDD60-72C0-4B79-A34E-2D421C148D1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCB68D6-1392-4C63-ABDE-D5BE2E44A4BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2049DBB6-8443-447E-A537-B8F44F533324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wan.shtml."
},
{
"lang": "es",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3, el archivo adm.cgi no presenta ning\u00fan filtro en los par\u00e1metros: ppp_username, ppp_passwd, rwan_gateway, rwan_mask y rwan_ip, lo que conlleva a una inyecci\u00f3n de comandos en la p\u00e1gina /wan.shtml"
}
],
"id": "CVE-2022-35522",
"lastModified": "2024-11-21T07:11:17.453",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:55.717",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wanshtml-command-injection-in-admcgi"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wanshtml-command-injection-in-admcgi"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn572hp3_firmware | - | |
| wavlink | wn572hp3 | - | |
| wavlink | wn533a8_firmware | - | |
| wavlink | wn533a8 | - | |
| wavlink | wn530h4_firmware | - | |
| wavlink | wn530h4 | - | |
| wavlink | wn535g3_firmware | - | |
| wavlink | wn535g3 | - | |
| wavlink | wn531p3_firmware | - | |
| wavlink | wn531p3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10B4A3-06B7-4D00-B19D-33AA1BA0B4F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8FDD60-72C0-4B79-A34E-2D421C148D1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCB68D6-1392-4C63-ABDE-D5BE2E44A4BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2049DBB6-8443-447E-A537-B8F44F533324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml."
},
{
"lang": "es",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3, el archivo firewall.cgi no presenta filtro en el par\u00e1metro add_mac, lo que conlleva a una inyecci\u00f3n de comandos en la p\u00e1gina /cli_black_list.shtml"
}
],
"id": "CVE-2022-35519",
"lastModified": "2024-11-21T07:11:17.000",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:54.927",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#command-injection-occurs-when-deleting-blacklist-in-wavlink-router-ac1200-page-cli_black_listshtml-in-firewallcgi"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#command-injection-occurs-when-deleting-blacklist-in-wavlink-router-ac1200-page-cli_black_listshtml-in-firewallcgi"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn572hp3_firmware | - | |
| wavlink | wn572hp3 | - | |
| wavlink | wn533a8_firmware | - | |
| wavlink | wn533a8 | - | |
| wavlink | wn530h4_firmware | - | |
| wavlink | wn530h4 | - | |
| wavlink | wn535g3_firmware | - | |
| wavlink | wn535g3 | - | |
| wavlink | wn531p3_firmware | - | |
| wavlink | wn531p3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10B4A3-06B7-4D00-B19D-33AA1BA0B4F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8FDD60-72C0-4B79-A34E-2D421C148D1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCB68D6-1392-4C63-ABDE-D5BE2E44A4BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2049DBB6-8443-447E-A537-B8F44F533324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml."
},
{
"lang": "es",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3, el archivo qos.cgi no filtra los par\u00e1metros: qos_bandwith y qos_dat, lo que conlleva una inyecci\u00f3n de comandos en la p\u00e1gina /qos.shtml"
}
],
"id": "CVE-2022-35536",
"lastModified": "2024-11-21T07:11:18.760",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:57.453",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-qosshtml-command-injection-in-qoscgi"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#wavlink-router-ac1200-page-qosshtml-command-injection-in-qoscgi"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 07:11
Severity ?
Summary
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavlink | wn572hp3_firmware | - | |
| wavlink | wn572hp3 | - | |
| wavlink | wn533a8_firmware | - | |
| wavlink | wn533a8 | - | |
| wavlink | wn530h4_firmware | - | |
| wavlink | wn530h4 | - | |
| wavlink | wn535g3_firmware | - | |
| wavlink | wn535g3 | - | |
| wavlink | wn531p3_firmware | - | |
| wavlink | wn531p3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10B4A3-06B7-4D00-B19D-33AA1BA0B4F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8FDD60-72C0-4B79-A34E-2D421C148D1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCB68D6-1392-4C63-ABDE-D5BE2E44A4BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2049DBB6-8443-447E-A537-B8F44F533324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml."
},
{
"lang": "es",
"value": "WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3, el archivo adm.cgi no presenta filtros en los par\u00e1metros: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd y ppp_setver, lo que conlleva a una inyecci\u00f3n de comandos en la p\u00e1gina /wizard_router_mesh.shtml"
}
],
"id": "CVE-2022-35517",
"lastModified": "2024-11-21T07:11:16.683",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:54.587",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wizard_router_meshshtml-command-injection-in-admcgi"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wizard_router_meshshtml-command-injection-in-admcgi"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}