CVE-2022-2487 Scanner
Detects 'Command Injection' vulnerability in WAVLINK WN535K2 and WN535K3 affects v. Unknown.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
1 month
Scan only one
Domain, Ipv4
Toolbox
-
WAVLINK WN535K2 and WN535K3 are wireless routers used for home and small business networks. They provide high-speed internet access, Wi-Fi connectivity, and secure network connections. These routers are designed to offer reliable and fast networking capabilities to meet the demands of modern-day users. The WAVLINK WN535K2 and WN535K3 routers are equipped with advanced technologies, such as IPv6, 802.11ac Wi-Fi, and WPA/WPA2 wireless security protocols, to deliver top-of-the-line performance.
However, a critical vulnerability has been detected in the unknown code of the WAVLINK WN535K2 and WN535K3 routers. Specifically, the vulnerability is present in the file /cgi-bin/nightled.cgi, and is classified as CVE-2022-2487. The vulnerability allows unauthenticated attackers to inject OS commands by manipulating the argument start_hour. This vulnerability can lead to the execution of arbitrary commands on the router, allowing an attacker to take control of the device and potentially the entire network.
When the CVE-2022-2487 vulnerability is exploited, it can lead to serious consequences for the users of the WAVLINK WN535K2 and WN535K3 routers. Attackers can gain unauthorized access to sensitive data, steal important information such as login credentials, and even launch attacks on other devices on the network. This can lead to financial loss, business disruption, and reputational damage for individuals and companies alike.
In conclusion, the WAVLINK WN535K2 and WN535K3 routers have a critical vulnerability that poses a serious threat to their users. However, with the right precautions, users can protect their networks from potential attacks. s4e.io provides pro features that help users easily and quickly learn about vulnerabilities in their digital assets, empowering them to take action and secure their networks.
REFERENCES