CVE-2022-35517
Published: 10 August 2022
Summary
CVE-2022-35517 is a high-severity vulnerability (weakness class unspecified) in Wavlink WN572HP3 firmware. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 10.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
CVE-2022-35517 affects multiple WAVLINK router models including WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3. The root cause is missing input filtering on the parameters web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd, and ppp_setver within adm.cgi, which permits command injection when the /wizard_router_mesh.shtml page is accessed.
An authenticated attacker with network access can supply crafted values for these parameters to execute arbitrary commands on the device. Successful exploitation yields full control over the router, enabling actions such as configuration changes, traffic interception, or persistence, consistent with the CVSS 8.8 rating reflecting network attack vector, low complexity, and high impact on confidentiality, integrity, and availability.
The associated EPSS score has remained low and stable, with a current value of 0.0490 and a peak of 0.0507. Public references consist of technical write-ups on GitHub that document the injection vectors but contain no vendor advisories, firmware patches, or mitigation guidance.
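
One way to screen traffic for the unfiltered parameters described above, as an added example that is not from the advisory or the vendor: it inspects form bodies sent to adm.cgi and reports which of the ten listed parameters carry values that fail validation. The form-encoded body, the IPv4 typing of the rwan_* fields, the metacharacter set and the sample requests are assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs

# The ten parameters the advisory lists as unfiltered in adm.cgi.
IP_PARAMS = {"rwan_ip", "rwan_mask", "rwan_gateway"}  # assumed to hold IPv4 values
TEXT_PARAMS = {"web_pskValue", "wl_Method", "wlan_ssid", "EncrypType",
               "ppp_username", "ppp_passwd", "ppp_setver"}
# Characters a POSIX shell treats specially (assumed deny set for this check).
SHELL_META = re.compile(r"[;&|`$<>(){}\\'\"\n\r]")


def is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def suspicious_params(path, body):
    """Return sorted names of listed parameters whose values fail validation."""
    if not path.split("?", 1)[0].endswith("/adm.cgi"):
        return []
    bad = set()
    # parse_qs percent-decodes values, so encoded metacharacters are seen too.
    for name, values in parse_qs(body, keep_blank_values=True).items():
        for value in values:
            if name in IP_PARAMS and value and not is_ipv4(value):
                bad.add(name)
            elif name in TEXT_PARAMS and SHELL_META.search(value):
                bad.add(name)
    return sorted(bad)


# Constructed sample requests (path prefix and values are illustrative only).
SAMPLES = [
    ("/adm.cgi", "wlan_ssid=HomeNet&rwan_ip=192.168.10.2&rwan_mask=255.255.255.0"),
    ("/adm.cgi", "wlan_ssid=Home%3Bx&rwan_gateway=192.168.10.1%60x%60"),
    ("/login.cgi", "wlan_ssid=a%3Bb"),
]

if __name__ == "__main__":
    for path, body in SAMPLES:
        print(path, suspicious_params(path, body))
```

Legitimate passwords can contain some of these characters, so hits on web_pskValue or ppp_passwd are triage leads, not verdicts.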
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-38404
Vulnerability details
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.