This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: OS Command Injection in WAVLINK routers. π **Consequences**: Attackers can execute arbitrary commands, steal data, modify system files, or take full control of the device without credentials.β¦
π‘οΈ **Root Cause**: CWE-78 (OS Command Injection). π **Flaw**: The `/cgi-bin/touchlist_sync.cgi` script fails to properly sanitize the `IP` parameter. Malicious input is passed directly to the OS shell.
Q3Who is affected? (Versions/Components)
π¦ **Affected Products**: WAVLINK WN535K2 and WN535K3 wireless routers. π **Vendor**: WAVLINK (China). β οΈ **Scope**: Specific firmware versions handling the `touchlist_sync` feature are vulnerable.
Q4What can hackers do? (Privileges/Data)
π **Hacker Powers**: Full system control! π **Data**: Access sensitive info. π **Actions**: Execute malware, modify data, or gain root access. No authentication is required for the initial exploit.
Q5Is exploitation threshold high? (Auth/Config)
π **Auth Required**: Local Network (AV:A). π **Privileges**: Low (PR:L). π― **Complexity**: Low (AC:L). You need to be on the same local network, but no password is needed to trigger the injection via the CGI endpoint.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π₯ **Public Exploit**: YES. π **PoC**: Available via Nuclei templates (projectdiscovery). π **Status**: Active exploitation is possible using known scripts targeting the `IP` argument in the CGI script.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for `/cgi-bin/touchlist_sync.cgi`. π‘ **Tool**: Use Nuclei or custom scripts to send a malicious `IP` payload.β¦
π¨ **Urgency**: HIGH! π΄ **Priority**: Critical. CVSS Score is High (H/H/H). β‘ **Reason**: Easy to exploit, no auth needed, and leads to full compromise. Patch or isolate immediately.