Cyber Resilience

CVE-2022-35524

CriticalPublic PoC

Published: 10 August 2022

Published
10 August 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0503 90.0th percentile
Risk Priority 23 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-35524 is a critical-severity an unspecified weakness vulnerability in Wavlink Wn572Hp3 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 10.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2022-35524 is a command-injection vulnerability affecting the adm.cgi endpoint on several WAVLINK wireless router models, specifically WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3. The flaw stems from missing input validation on the parameters wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid, and wlan_channel, allowing unsanitized values to reach the /wizard_rep.shtml page and execute arbitrary operating-system commands.

An unauthenticated attacker with network access can supply crafted values to these parameters and obtain remote code execution. Successful exploitation grants full control over the device, enabling arbitrary command execution with impacts on confidentiality, integrity, and availability, consistent with the CVSS 9.8 rating.

Public references consist of a GitHub repository that documents the injection vectors through proof-of-concept details but contain no vendor advisory, firmware patch, or mitigation guidance.

The associated EPSS score reached a peak of 0.0802 after disclosure before settling at the current value of 0.0503, indicating a measurable increase in observed exploitation interest following publication.

EU & UK References

Vulnerability details

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

wavlink
wn572hp3 firmware
all versions
wavlink
wn533a8 firmware
all versions
wavlink
wn530h4 firmware
all versions
wavlink
wn535g3 firmware
all versions
wavlink
wn531p3 firmware
all versions

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References