CVE-2022-23900
Description
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A command injection flaw in Wavlink WL-WN531P3 router's API allows unauthenticated remote code execution via a malicious POST request to /cgi-bin/adm.cgi.
Vulnerability
The Wavlink WL-WN531P3 router, version M31G3.V5030.201204, contains a command injection vulnerability in its API. The flaw resides in the /cgi-bin/adm.cgi endpoint, which does not properly sanitize user-supplied input. An attacker can achieve unauthorized remote code execution by sending a crafted POST request [1].
Exploitation
An unauthenticated attacker with network access to the router can exploit this vulnerability. The attacker sends a malicious POST request to the /cgi-bin/adm.cgi endpoint, injecting arbitrary commands into the request payload. No prior authentication is required, and the endpoint is reachable over the network [1].
Impact
Successful exploitation allows the attacker to execute arbitrary commands on the router with root privileges. This results in full compromise of the device, including the ability to modify configuration, intercept network traffic, pivot to internal networks, or use the router as a foothold for further attacks. The impact is complete loss of confidentiality, integrity, and availability [1].
Mitigation
As of the publication date (2022-04-07), no patched firmware version has been released. Users should monitor Wavlink's official support page for updates. Until a fix is available, restrict network access to the router's management interface and disable remote administration if it is not required. The vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities catalog [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (2)
- stigward.medium.com/wavlink-command-injection-cve-2022-23900-51988f6f15df (mitre, x_refsource_MISC)
- www.wavlink.com/en_us/product/WL-WN531P3.html (mitre, x_refsource_MISC)