CVE-2022-30489

MEDIUM NUCLEI

Wavlink Wn535g3 Firmware - XSS

Title source: rule

Description

WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.

Exploits (1)

nomisec WORKING POC 2 stars
by badboycxcc · poc
https://github.com/badboycxcc/XSS-CVE-2022-30489

Nuclei Templates (1)

Wavlink WN-535G3 - Cross-Site Scripting
MEDIUMVERIFIEDby For3stCo1d
Shodan: http.title:"Wi-Fi APP Login" || http.html:"wavlink" || http.title:"wi-fi app login"
FOFA: title="wi-fi app login" || body="wavlink"

References (1)

Scores

CVSS v3 6.1
EPSS 0.2875
EPSS Percentile 96.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
wavlink/wn535g3_firmware
Published May 13, 2022
Tracked Since Feb 18, 2026