漏洞描述
一些Wavlink产品受到一个漏洞的影响,该漏洞可能允许未经身份验证的远程用户以root用户身份在Wavlink设备上执行任意命令。touchlist_sync.cgi文件的IP参数存在命令执行漏洞,攻击者可通过该漏洞获取服务器权限。
Wavlink touchlist_sync.cgi 命令执行漏洞(cve-2022-2488)
PoC代码
暂无相关漏洞推荐
- wavlink-router-live-api-cgi-rce: WavLink Router Live API cgi RCE
- POC CVE-2020-10973: WAVLINK - Access Control
- POC CVE-2020-12124: WAVLINK WN530H4 live_api.cgi - Command Injection
- POC CVE-2020-12127: WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure
- POC CVE-2020-13117: Wavlink Multiple AP - Remote Command Injection
- POC CVE-2021-44260: WAVLINK AC1200 - Information Disclosure
- POC CVE-2022-2486: Wavlink WN535K2/WN535K3 - OS Command Injection
- POC CVE-2022-2487: Wavlink WN535K2/WN535K3 - OS Command Injection
- POC CVE-2022-2488: Wavlink WN535K2/WN535K3 - OS Command Injection
- POC CVE-2022-30489: Wavlink WN-535G3 - Cross-Site Scripting
- POC CVE-2022-31845: WAVLINK WN535 G3 - Information Disclosure
- POC CVE-2022-31846: WAVLINK WN535 G3 - Information Disclosure
- POC CVE-2022-31847: WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure