S4E

CVE-2022-2486 Scanner

Detects 'Command Injection' vulnerability in WAVLINK WN535K2 and WN535K3 affects v. Unknown.

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

1 month 3 days

Scan only one

Domain, IPv4

Toolbox

-

WAVLINK WN535K2 and WN535K3 are wireless routers commonly used in homes and small offices. These routers can deliver high-speed internet access over a long range and are equipped with a range of security features that offer secure connectivity. These features include VPN, WPA/WPA2, firewalls, and MAC address filtering, making them popular among users who prioritize security.

However, the CVE-2022-2486 vulnerability detected in these routers is a critical concern for users. The vulnerability allows an attacker to inject OS commands through the manipulation of the "key" argument in the file "/cgi-bin/mesh.cgi?page=upgrade." This manipulation opens the door for attackers to execute commands remotely, giving them unlimited access to the router and its connected devices.

When exploited, the CVE-2022-2486 vulnerability can lead to a range of risks for users. Attackers can easily breach network security measures, steal sensitive data, modify data, or launch DDoS attacks. The vulnerability can also give attackers full control of the device, allowing them to interfere with the router's configurations, override security protocols, and compromise other connected devices within the network.

Thanks to the pro features of the s4e.io platform, users can easily, quickly and accurately learn about any vulnerabilities in their digital assets. Their pro services offer regular vulnerability testing and assessments, identifying potential threats before they can damage systems and data. Users can rely on this platform to provide comprehensive and up-to-date information on emerging and potential threats and gain the tools needed to mitigate these risks.

 

REFERENCES

Get started to protecting your Free Full Security Scan