CVE-2022-2486 Scanner
Detects 'Command Injection' vulnerability in WAVLINK WN535K2 and WN535K3 affects v. Unknown.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 3 days
Scan only one
Domain, IPv4
Toolbox
-
WAVLINK WN535K2 and WN535K3 are wireless routers commonly used in homes and small offices. These routers can deliver high-speed internet access over a long range and are equipped with a range of security features that offer secure connectivity. These features include VPN, WPA/WPA2, firewalls, and MAC address filtering, making them popular among users who prioritize security.
However, the CVE-2022-2486 vulnerability detected in these routers is a critical concern for users. The vulnerability allows an attacker to inject OS commands through the manipulation of the "key" argument in the file "/cgi-bin/mesh.cgi?page=upgrade." This manipulation opens the door for attackers to execute commands remotely, giving them unlimited access to the router and its connected devices.
When exploited, the CVE-2022-2486 vulnerability can lead to a range of risks for users. Attackers can easily breach network security measures, steal sensitive data, modify data, or launch DDoS attacks. The vulnerability can also give attackers full control of the device, allowing them to interfere with the router's configurations, override security protocols, and compromise other connected devices within the network.
Thanks to the pro features of the s4e.io platform, users can easily, quickly and accurately learn about any vulnerabilities in their digital assets. Their pro services offer regular vulnerability testing and assessments, identifying potential threats before they can damage systems and data. Users can rely on this platform to provide comprehensive and up-to-date information on emerging and potential threats and gain the tools needed to mitigate these risks.
REFERENCES