CVERadar
Edition used by more than 30,000 companies in more than 150 countries.
Sign Up For FreeCVE-2022-34577
High Severity|Wavlink
69
SVRS
9.8
CVSSv3
0.01731
EPSS
TAGSNo tags available
VECTOR STRING
CVSS:3.1AV:NAC:LPR:NUI:NS:UC:HI:HA:H
PUBLICATION DATE2022-07-25
LAST MODIFIED2024-08-03
Deep CVE Analysis in Progress
The system is currently conducting an in-depth analysis of the selected CVE. This includes advanced correlation, vulnerability classification, and cross-referencing with real-time threat intelligence sources. Once the analysis is complete, the page will automatically update with enriched vulnerability data and actionable insights.
Security Intelligence Brief
1. What is this vulnerability and why does it matter?
This vulnerability, identified as CVE-2022-34577, is a critical flaw found in the adm.cgi component of WAVLINK WN535 G3 M35G3R.V5030.180927 firmware. It allows attackers to achieve arbitrary code execution on the affected device by sending a specially crafted POST request. This vulnerability is extremely serious because arbitrary code execution grants an attacker full control over the compromised system, potentially leading to complete system compromise, data exfiltration, or further network penetration.
2. What are the CVSS score, severity level, and disclosure details?
The CVSS score for this vulnerability is 9.8, which places it at a Critical severity level.
- CVSS Score: 9.8 (Critical)
- Published Date: 2022-07-25 21:37:26
- Modified Date: 2024-08-03 09:15:15
3. Which products, vendors, systems, and versions are affected?
The specific product, vendor, system, and version confirmed to be affected is:
- Vendor: WAVLINK
- Product/System: WAVLINK WN535 G3
- Affected Version: M35G3R.V5030.180927
4. What is the technical root cause and attack vector?
The technical root cause of this vulnerability lies within the adm.cgi component of the WAVLINK WN535 G3 router's firmware. While the specific nature of the flaw (e.g., command injection, buffer overflow) is not detailed, it allows for arbitrary code execution. The attack vector involves an attacker sending a crafted POST request to the vulnerable adm.cgi endpoint.
5. How can this vulnerability be exploited?
This vulnerability can be exploited by an attacker sending a malicious or "crafted" POST request to the adm.cgi component on a vulnerable WAVLINK WN535 G3 device running firmware version M35G3R.V5030.180927. Upon successful processing of this request, the attacker can execute arbitrary code with elevated privileges, gaining full control over the device.
11. What is the risk assessment and urgency level?
Given the CVSS score of 9.8 and the ability for attackers to achieve arbitrary code execution, the risk assessment for CVE-2022-34577 is High. The urgency level for addressing this vulnerability is Critical. Organizations and individuals using the affected WAVLINK WN535 G3 M35G3R.V5030.180927 firmware should take immediate action to mitigate the risk, as exploitation can lead to complete device compromise.
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNTCVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs
CVE Radar
Real-time CVE Intelligence & Vulnerability Management Platform
CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.