0x01 Vulnerability description

an issue was discovered on WAVLINK WN535 G3 devices,Firmware package version M35G3R.V5030.180927,where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time

0x02 Affected version

WAVLINK WN535 G3

0x03 Vulnerability

In adm.cgi, the received POST is directly spliced to the system function for execution

0x04 PoC verification

0x05 Acknowledgement

PeiWen.Huang

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WAVLINK WN535 G3_Command Execution Vulnerability.md

WAVLINK WN535 G3_Command Execution Vulnerability.md

0x01 Vulnerability description

0x02 Affected version

0x03 Vulnerability

0x04 PoC verification

0x05 Acknowledgement

Files

WAVLINK WN535 G3_Command Execution Vulnerability.md

Latest commit

History

WAVLINK WN535 G3_Command Execution Vulnerability.md

File metadata and controls

0x01 Vulnerability description

0x02 Affected version

0x03 Vulnerability

0x04 PoC verification

0x05 Acknowledgement