CVE-2022-35518 in WN572HP3
Summary
by MITRE • 08/11/2022
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 10/20/2025
The vulnerability identified as CVE-2022-35518 affects multiple WAVLINK wireless router models including WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3. This issue resides within the nas.cgi web application component that handles network attached storage configuration interfaces. The flaw manifests in the lack of proper input validation and sanitization for specific parameters named User1Passwd and User1, which are processed within the /nas_disk.shtml page context. This absence of parameter filtering creates a critical security gap that allows malicious actors to inject arbitrary commands into the system.
The technical implementation of this vulnerability stems from improper input validation within the web application's backend processing logic. When user-provided data is directly incorporated into system commands without adequate sanitization or filtering, it creates an environment ripe for command injection attacks. The parameters User1Passwd and User1 are particularly susceptible because they are passed directly to system execution functions without proper escaping or validation mechanisms. This design flaw aligns with CWE-77 which specifically addresses command injection vulnerabilities in software systems. The vulnerability exists in the context of web-based administration interfaces where user inputs are expected to be treated as untrusted data and properly validated before any processing occurs.
The operational impact of this vulnerability is severe and potentially catastrophic for affected networks. An attacker who can access the web interface of these devices could execute arbitrary commands with the privileges of the web application process, which typically runs with elevated system permissions. This command injection capability could enable full system compromise including but not limited to remote code execution, data exfiltration, privilege escalation, and persistent backdoor installation. The vulnerability affects devices that are commonly deployed in home and small office environments, making them attractive targets for cybercriminals seeking to establish persistent access points or launch broader network attacks. According to ATT&CK framework, this vulnerability maps to T1059.001 Command and Scripting Interpreter with the specific technique of executing commands through web applications.
Mitigation strategies for CVE-2022-35518 should prioritize immediate remediation through firmware updates from WAVLINK, as this vulnerability affects the device's core web application functionality. Network administrators should implement strict access controls limiting physical and remote access to these devices, particularly restricting administrative access to trusted networks only. Additionally, implementing web application firewalls and input validation rules that specifically target command injection patterns can provide additional defense in depth. The vulnerability demonstrates the critical importance of input validation and proper parameter sanitization in web applications, as outlined in OWASP Top 10 A03:2021 - Injection. Organizations should also consider network segmentation to limit the potential impact of successful exploitation and implement monitoring for suspicious command execution patterns. Regular vulnerability assessments and security audits of network infrastructure components are essential to identify similar flaws in other network devices and prevent similar incidents from occurring in the future.