CVE-2022-2487
Published: 20 July 2022
Summary
CVE-2022-2487 is a high-severity OS Command Injection (CWE-78) vulnerability in Wavlink Wl-Wn535K2 Firmware. Its CVSS base score is 8.0 (High).
Operationally, ranked in the top 0.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
The vulnerability CVE-2022-2487 is an OS command injection flaw classified under CWE-78 and present in the file /cgi-bin/nightled.cgi on WAVLINK WN535K2 and WN535K3 devices. It stems from unsanitized handling of the start_hour argument and received a CVSS 3.1 score of 8.0 reflecting adjacent-network access, low attack complexity, and low required privileges.
An authenticated attacker positioned on the same network segment can supply a malicious start_hour value to execute arbitrary operating-system commands, resulting in full compromise of device confidentiality, integrity, and availability. Public proof-of-concept code demonstrating the injection has already been published.
The associated EPSS probability currently stands at 0.9225 after reaching a peak of 0.9692, indicating sustained exploitation interest following disclosure. No vendor advisory or patch information is referenced in the available sources.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-34746
Vulnerability details
A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument start_hour leads to os command injection. The exploit has been disclosed to…
more
the public and may be used.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.