9.8
CVE-2022-2488
- EPSS 27.71%
- Veröffentlicht 20.07.2022 12:15:08
- Zuletzt bearbeitet 14.01.2025 16:15:26
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginWAVLINK WN535K2/WN535K3 touchlist_sync.cgi os command injection
A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wavlink ≫ Wl-wn535k2 Firmware Version-
Wavlink ≫ Wl-wn535k3 Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 27.71% | 0.978 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 8 | 2.1 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
https://github.com/1angx/webray.com.cn/blob/main/Wavlink/Wavlink%20touchlist_sync.cgi.md
https://vuldb.com/?id.204539
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1999