Wavlink Command Injection (CVE-2022–23900)

Your Router Is My Router

TL/DR:

The Wavlink WL-WN531P3 router exposes an API endpoint susceptible to command injection. This API endpoint is reachable without an authentication header, meaning the vulnerability can be exploited by an unauthenticated attacker. Furthermore, the router has no CSRF protection, thus RCE can be achieved without connecting to the local network.

Vulnerability Description and Discovery: