CVE-2022-34592 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2022-34592?

CVE-2022-34592 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary commands on Wavlink WL-WN575A3 routers via a crafted POST request to the obtw function. It affects users of the specified router model running the vulnerable firmware version, potentially leading to full device compromise.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary commands on Wavlink WL-WN575A3 routers via a crafted POST request to the obtw function. It affects users of the specified router model running the vulnerable firmware version, potentially leading to full device compromise.

💻 Affected Systems

Products:

Wavlink WL-WN575A3

Versions: RPT75A3.V4300.201217

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: This specific firmware version is confirmed vulnerable; other versions may also be affected but unverified.

📦 What is this software?

Wl Wn575a3 Firmware by Wavlink

View all CVEs affecting Wl Wn575a3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full control of the router, enabling them to intercept traffic, deploy malware, pivot to internal networks, or brick the device.

🟠

Likely Case

Unauthenticated remote code execution resulting in device takeover, data theft, or use in botnets.

🟢

If Mitigated

Limited impact if the device is isolated or patched, but still poses risk if exposed.

🌐 Internet-Facing: HIGH, as the exploit is unauthenticated and can be triggered remotely over the internet.

🏢 Internal Only: MEDIUM, as internal attackers could exploit it if network access is available, but external exposure increases severity.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details and proof-of-concept are publicly available in GitHub repositories, making it easy for attackers to leverage.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check Wavlink's official website or support for firmware updates; if none, consider workarounds or replacement.

🔧 Temporary Workarounds

Network Isolation

all

Restrict access to the router's management interface to trusted internal networks only.

Configure firewall rules to block external access to the router's IP on management ports (e.g., 80, 443).

Disable Unused Services

all

Turn off remote management features if not required to reduce attack surface.

Access router settings via web interface and disable remote administration or unnecessary services.

🧯 If You Can't Patch

Replace the router with a model that receives security updates and is not vulnerable.
Implement strict network segmentation to limit the router's exposure and monitor for suspicious activity.

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the router's web interface under System or Admin settings; if it matches RPT75A3.V4300.201217, it is vulnerable.

Check Version:

Log into the router's web interface and navigate to the system information page to view the firmware version.

Verify Fix Applied:

Update to a newer firmware version from Wavlink and confirm the version has changed away from the vulnerable one.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to paths containing 'obtw', unexpected command execution logs, or failed login attempts.

Network Indicators:

Suspicious traffic to the router's management port from untrusted sources, especially with crafted payloads.

SIEM Query:

Example: search for 'POST /cgi-bin/obtw' in web logs with non-standard parameters or shell commands.

📊 Metadata

CVE ID: CVE-2022-34592

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-77

Published: July 7, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/winmt/CVE/blob/main/WAVLINK%20WL-WN575A3/README.md Exploit,Third Party Advisory
https://github.com/winmt/my-vuls/tree/main/WAVLINK%20WL-WN575A3
https://github.com/winmt/CVE/blob/main/WAVLINK%20WL-WN575A3/README.md Exploit,Third Party Advisory
https://github.com/winmt/my-vuls/tree/main/WAVLINK%20WL-WN575A3

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-34592, you might also want to check these: