CVE-2022-35518

Vulnerability

Multiple WAVLINK router models — WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3 — are affected by a command injection vulnerability in the nas.cgi script. The parameters User1Passwd and User1 are passed without any input filtering, leading to injection into the /nas_disk.shtml page [1].

Exploitation

An attacker must first authenticate to the router's management interface. Once logged in, the attacker can craft a POST request to /cgi-bin/nas.cgi and inject arbitrary system commands into either the User1Passwd or User1 parameters by appending a command after a semicolon (e.g., xxx;command) [1].

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary operating system commands on the router with root privileges, leading to full device compromise. This can result in complete loss of confidentiality, integrity, and availability [1].

Mitigation

As of the publication date (2022-08-09), no fixed firmware version or patch has been announced for any of the affected models. Users should restrict access to the management interface to trusted networks only and monitor for official updates from WAVLINK. There is no indication that this CVE is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog [1].