CVE-2022-35523
Published: 10 August 2022
Summary
CVE-2022-35523 is a critical-severity an unspecified weakness vulnerability in Wavlink Wn572Hp3 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 10.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2022-35523 affects the firewall.cgi component in multiple WAVLINK router models including WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3. The root cause is absent input filtering on the del_mac and flag parameters, which permits command injection when the device renders the /cli_black_list.shtml page.
An unauthenticated attacker with network access can supply crafted values for these parameters to execute arbitrary commands on the device. The vulnerability carries a CVSS 3.1 score of 9.8, reflecting that successful exploitation can yield full control over the router without requiring credentials or user interaction.
Public references hosted on GitHub document the injection vector in detail but do not describe vendor patches or official mitigation steps. The associated EPSS score rose from a low baseline to a peak of 0.0876, indicating that exploitation interest increased after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-38410
Vulnerability details
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.