漏洞描述
一些Wavlink产品受到一个漏洞的影响,该漏洞可能允许未经身份验证的远程用户以root用户身份在Wavlink设备上执行任意命令。nightled.cgi文件的start_hour参数存在命令执行漏洞,攻击者可通过该漏洞获取服务器权限。
Wavlink nightled.cgi 命令执行漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2020-13117: Wavlink Multiple AP - Remote Command Injection
- POC CVE-2022-2486: Wavlink WN535K2/WN535K3 - OS Command Injection
- POC CVE-2022-2487: Wavlink WN535K2/WN535K3 - OS Command Injection
- POC CVE-2022-2488: Wavlink WN535K2/WN535K3 - OS Command Injection
- POC CVE-2022-30489: Wavlink WN-535G3 - Cross-Site Scripting
- POC CVE-2022-34048: Wavlink WN-533A8 - Cross-Site Scripting
- POC CVE-2022-48164: Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure
- POC CVE-2022-48165: Wavlink - Improper Access Control
- POC CVE-2022-48166: Wavlink WL-WN530HG4 M30HG4.V5030.201217 - Information Disclosure
- POC CVE-2022-2486: Wavlink WN535K2/WN535K3 - OS Command Injection
- POC CVE-2022-2487: Wavlink WN535K2/WN535K3 - OS Command Injection
- POC CVE-2022-2488: Wavlink WN535K2/WN535K3 - OS Command Injection
- POC unauth-wavink-panel: Wavlink Panel - Unauthenticated Access