The attack vector for this vulnerability is through the adm.cgi file. Attackers must be able to access the affected device to exploit this vulnerability. The adm.cgi file is located in the root of the C: drive. A malicious user with access to the device can exploit this vulnerability to execute commands with root privileges.

A command injection occurs when a web server accepts input from a user in an HTTP request and passes it directly to a system command. Using unvalidated input from users in this way leads to a vulnerability.
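The general pattern behind this class of bug, as an added example (not WAVLINK's code and not taken from adm.cgi): a handler that pastes a request value into a shell command line, beside a version that allow-lists the value and executes the program without a shell. The ping-style command, the function names and the sample input are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern (hypothetical handler): the request value is pasted into a
 * shell command line. Returns the string length; nothing is executed here. */
int build_shell_command(const char *value, char *out, size_t outlen) {
    return snprintf(out, outlen, "ping -c 1 %s", value);
}

/* Allow-list check: 1..63 characters of [A-Za-z0-9.-], not starting with '-'
 * (a leading '-' would be parsed as an option by the target program). */
int is_valid_host(const char *value) {
    size_t n = strlen(value);
    if (n == 0 || n > 63 || value[0] == '-') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)value[i];
        if (!isalnum(c) && c != '.' && c != '-') return 0;
    }
    return 1;
}

/* Hardened pattern: validate, then exec with an argument vector and no shell.
 * Returns -1 if the value is rejected or on failure, else the exit status. */
int run_with_argv(const char *program, const char *value) {
    if (!is_valid_host(value)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)program, (char *)value, NULL };
        execv(program, argv);   /* value stays one argument, never re-parsed */
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    char cmd[128];
    const char *input = "192.0.2.1;echo injected";   /* constructed sample */
    build_shell_command(input, cmd, sizeof cmd);
    printf("shell string: %s\n", cmd);
    printf("hardened result: %d\n", run_with_argv("/bin/echo", input));
    return 0;
}
```

The shell string shows the separator surviving into the command line, while the hardened path rejects the same value before any process is started.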

A WAVLINK WL-WN575A3 RPT75A3.V4300.201217 command injection vulnerability has been discovered and fixed by WAVLINK. The update package for WAVLINK WL-WN575A3 RPT75A3.V4300.201217 addresses this vulnerability by updating the adm.cgi file. If you are running an affected version of WAVLINK WL-WN575A3 RPT75A3.V4300.201217, you can upgrade to the latest version by updating your software.

If you're using WAVLINK WL-WN575A3 RPT75A3.V4300.201217 and have not updated your software, it's time to take action. WAVLINK has discovered a command injection vulnerability in its WAVLINK WL-WN575A3 RPT75A3.V4300.201217 product, which could be exploited by attackers when visiting the adm.cgi file on an affected device with root access and a vulnerable version of the firmware installed. This vulnerability was fixed in the latest update package for WAVLINK WL-WN575A3 RPT75A3.V4300.201217 that was released on December 18th, 2016 (CVE-2022-37149). This vulnerability is not present in previous versions of this product; however, if you are running an affected version of this product, you can upgrade to the latest version by updating your software.

WAVLINK WL-WN575A3 RPT75A3.V4300.201217 is a wireless router and access point. This device supports Wi-Fi, 3G/4G/Wi-Fi hotspot, and mobile internet services.

WAVLINK WL-WN575A3 RPT75A3.V4300.201217 - Command Injection Vulnerability
A WAVLINK WL-WN575A3 RPT75A3.V4300.201217 command injection vulnerability has been discovered and fixed by WAVLINK. The update package for WAVLINK WL-WN575A3 RPT75A3.V4300.201217 addresses this vulnerability by updating the adm.cgi file and installing firmware v4368 on all affected devices so that attackers can no longer exploit it.

The software information for WAVLINK WL-WN575A3 RPT75A3.V4300.201217 includes the following:

Software Version: 201217
Package Name: wl-wn575a3-rpt75a3v4300-201217
Product Name: WL-WN575A3 RPT75A3.V4300.201217
Manufacturer: WAVLINK INC
Company Name: WAVLINK INC
Date: 17 December 2012

Timeline

Published on: 08/30/2022 15:15:00 UTC
Last modified on: 09/07/2022 00:52:00 UTC
