TyeYeah

3 exploits Active since Jun 2022
CVE-2022-29778 NOMISEC HIGH WORKING POC
D-Link DIR-890L < 1.22b01 - Remote Code Execution via Hardcoded Wake-On-Lan Descriptor
D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php
1 star
CVSS 8.8
CVE-2022-35517 WRITEUP HIGH WRITEUP
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 - OS Command Injection via adm.cgi Parameters
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml.
CVSS 8.8
CVE-2022-35520 WRITEUP CRITICAL WRITEUP
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 - OS Command Injection via Hidden ufconf Parameter
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on the parameter ufconf, which is a hidden parameter that doesn't appear in the POST body but exists in the CGI binary. This leads to command injection in page /ledonoff.shtml.
CVSS 9.8