CVE-2022-35538 Information

Description

WAVLINK WN572HP3 WN533A8 WN530H4 WN535G3 WN531P3 wireless.cgi has no filtering on parameters: delete_list delete_al_mac b_delete_list and b_delete_al_mac which leads to command injection in page /wifi_mesh.shtml.

Reference

https://github.com/TyeYeah/othercveinfo/tree/main/wavlink#command-injection-occurs-when-clicking-the-button-in-wavlink-router-ac1200-page-wifi_meshshtml-in-wirelesscgi