CVE-2022-35518

Published Aug 10, 2022

Last updated a year ago

CVSS critical 9.8

Overview

Description: WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wavlink:wn572hp3_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C10B4A3-06B7-4D00-B19D-33AA1BA0B4F7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wavlink:wn572hp3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EF8FDD60-72C0-4B79-A34E-2D421C148D1D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:wavlink:wn531p3_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BCB68D6-1392-4C63-ABDE-D5BE2E44A4BE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:wavlink:wn531p3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2049DBB6-8443-447E-A537-B8F44F533324"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References