Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_week_value` POST parameter.
The vulnerability exists in the set_sys_init() function of the login.cgi file and is triggered by a specially crafted HTTP request. An attacker can pass a malicious value in the POST parameter named `restart_week_value`, which is then passed to the system command interpreter without proper validation or sanitization (CWE-77). The attack requires no authentication or user interaction, and its scope extends beyond the context of the targeted application (Scope: Changed).
An attacker can gain full control of the device by remotely executing arbitrary system commands, leading to complete breach of confidentiality, integrity, and availability of the system.
Security patches available from the manufacturer should be applied according to the references. As a temporary workaround, it is recommended to restrict access to the device's administrative interface to trusted local networks only and block internet access using a firewall.
Wavlink AC3000 M33A8, firmware version V5030.210505 (products WL-WN533A8 / WL-WN533A8 Firmware)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HWavlink Wl Wn533a8
HWWavlinkwszystkie wersjeWavlink Wl Wn533a8 Firmware
OSWavlinkm33a8.v5030.210505
Related vulnerabilities
Command injection w Wavlink AC3000 — wykonanie dowolnych poleceń przez adm.cgi
Command injection w firmware Wavlink AC3000 — zdalne wykonanie kodu
Command injection w Wavlink AC3000 – nieautoryzowane wykonanie poleceń
Stack-based buffer overflow w Wavlink AC3000 umożliwia RCE przez HTTP
Buffer overflow w Wavlink AC3000 — podatność w funkcji set_info() usbip.cgi