WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWavlink Wn530h4
HWWavlinkwszystkie wersjeWavlink Wn530h4 Firmware
OSWavlinkwszystkie wersjeWavlink Wn531p3
HWWavlinkwszystkie wersjeWavlink Wn531p3 Firmware
OSWavlinkwszystkie wersjeWavlink Wn533a8
HWWavlinkwszystkie wersjeWavlink Wn533a8 Firmware
OSWavlinkwszystkie wersjeWavlink Wn535g3
HWWavlinkwszystkie wersjeWavlink Wn535g3 Firmware
OSWavlinkwszystkie wersjeWavlink Wn572hp3
HWWavlinkwszystkie wersjeWavlink Wn572hp3 Firmware
OSWavlinkwszystkie wersje
Related vulnerabilities
Zakodowane na stałe hasło root w firmware Wavlink WN531P3
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp...
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and U...
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which...
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManage...