CVE-2022-2488: webray.com.cn/Wavlink touchlist_sync.cgi.md at main · 1angx/webray.com.cn

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to OS command injection. The exploit has been disclosed to the public and may be used.


### Wavlink touchlist_sync.cgi command execution

Exploit Title

Wavlink touchlist_sync.cgi command execution

Exploit Author

[email protected] inc

Vulnerability condition

Unlimited front desk

Vendor Homepage

https://www.wavlink.com

Software Link

https://www.wavlink.com/zh_cn/firmware.html

Version

WN535K2/K3

Description

There is a command execution vulnerability in Wavlink, through which an attacker can gain server privileges.

Payload used

/cgi-bin/touchlist_sync.cgi?IP=;cmd;
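
A defender-side check for the request pattern above, as an added example that is not part of the original advisory: it scans web access log lines for requests to `/cgi-bin/touchlist_sync.cgi` whose `IP` value is anything other than a single IPv4 address. The access-log format (common/combined, for example from a proxy in front of the device), the assumption that legitimate `IP` values are dotted-quad IPv4, the function names and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/cgi-bin/touchlist_sync.cgi"  # path named in the advisory
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')  # request line in an access log


def is_ipv4_literal(value):
    """True only when value is exactly one dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def suspicious_ip_values(log_line):
    """Decoded IP= values sent to touchlist_sync.cgi that are not plain IPv4."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if url.path != TARGET_PATH:
        return []
    # parse_qs percent-decodes, so an encoded ';' is checked like a literal one.
    # separator="&" keeps ';' inside the value instead of splitting on it.
    params = parse_qs(url.query, keep_blank_values=True, separator="&")
    return [v for v in params.get("IP", []) if not is_ipv4_literal(v)]


def scan(lines):
    """Return (line_number, bad_values) for every log line worth alerting on."""
    hits = []
    for number, line in enumerate(lines, start=1):
        bad = suspicious_ip_values(line)
        if bad:
            hits.append((number, bad))
    return hits


# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2022:10:00:01 +0000] "GET /cgi-bin/touchlist_sync.cgi?IP=192.168.10.23 HTTP/1.1" 200 12',
    '198.51.100.7 - - [01/Aug/2022:10:00:05 +0000] "GET /cgi-bin/touchlist_sync.cgi?IP=;cmd; HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Aug/2022:10:00:09 +0000] "GET /cgi-bin/touchlist_sync.cgi?IP=%3Bcmd%3B HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Aug/2022:10:00:12 +0000] "GET /index.html?IP=;cmd; HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG):
        print(f"line {number}: non-IP value(s) in IP parameter: {bad!r}")
```

The same allow-list test (accept the value only if it parses as one IPv4 address) is the input validation a handler would need before the value reaches a shell.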

Proof of Concept

Related news

Slew of WavLink vulnerabilities

Lilith >_> of Cisco Talos discovered these vulnerabilities. Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page, of the Wavlink AC3000 wireless router web application. The Wavlink AC3000 wireless router is one of the
