WAVLINK WN535K2/WN535K3 nightled.cgi os command injection

A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument start_hour leads to os command injection. The exploit has been disclosed to the public and may be used.

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

WAVLINK WN535K2 和 WN535K3 操作系统命令注入漏洞

WAVLINK WN535K2和WAVLINK WN535K3都是中国WAVLINK公司的一个无线路由器。 WAVLINK WN535K2 和 WN535K3 版本存在安全漏洞，该漏洞源于/cgi-bin/nightled.cgi 的未知代码，对start_hour参数操作可能会导致 os 命令注入。

N/A

N/A