CVE-2022-35524 Information

Description

WAVLINK WN572HP3 WN533A8 WN530H4 WN535G3 WN531P3 adm.cgi has no filtering on parameters: wlan_signal web_pskValue sel_EncrypTyp sel_Automode wlan_bssid wlan_ssid and wlan_channel which leads to command injection in page /wizard_rep.shtml.

Reference

https://github.com/TyeYeah/othercveinfo/blob/main/wavlink/README.md#wavlink-router-ac1200-page-wizard_repshtml-command-injection-in-admcgi