This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: OS Command Injection in WAVLINK routers. π **Consequences**: Attackers can execute arbitrary commands, steal data, modify system files, or take full control of the device.β¦
π‘οΈ **Root Cause**: CWE-78 (OS Command Injection). π₯ **Flaw**: The `/cgi-bin/nightled.cgi` script fails to sanitize the `start_hour` parameter. Malicious input is passed directly to the OS shell.
Q3Who is affected? (Versions/Components)
π¦ **Affected**: WAVLINK WN535K2 and WN535K3 Wireless Routers. π **Vendor**: WAVLINK (China). β οΈ **Scope**: Specifically targets the `nightled.cgi` component in these models.
Q4What can hackers do? (Privileges/Data)
π **Capabilities**: Full system control. π **Data**: Access to sensitive info. π **Privileges**: Execute malware, modify data, gain root/admin access without credentials. Itβs a total compromise.
Q5Is exploitation threshold high? (Auth/Config)
π **Auth Required**: Yes. PR:L (Privileges Required: Low). π **Access**: Network Adjacent (AV:A). β οΈ **Threshold**: Moderate. You need local network access and basic credentials, but no user interaction (UI:N) is needed.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π **Public Exp**: Yes. π **PoC**: Available via Nuclei templates (projectdiscovery). π **Status**: Known vulnerability with documented exploitation paths. Not zero-day anymore.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for `/cgi-bin/nightled.cgi`. π‘ **Tool**: Use Nuclei or similar scanners with CVE-2022-2487 templates. π§ͺ **Test**: Manipulate `start_hour` parameter to see if shell commands execute.
Q8Is it fixed officially? (Patch/Mitigation)
π οΈ **Patch**: Check WAVLINK official support for firmware updates. π **Published**: July 20, 2022. β³ **Status**: Vendor should have released a fix by now. Verify your routerβs firmware version.
Q9What if no patch? (Workaround)
π§ **Workaround**: Disable remote management if possible. π« **Network**: Isolate IoT devices on a separate VLAN. π **Access Control**: Restrict access to the routerβs admin interface to trusted IPs only.
Q10Is it urgent? (Priority Suggestion)
π₯ **Priority**: HIGH. π **CVSS**: 9.8 (Critical). π¨ **Action**: Patch immediately or isolate. The impact is High (C:H, I:H, A:H). Donβt ignore this!