## wavlink mesh.cgi command execution (CVE-2022-2486)

|   **Vulnerability**  | **wavlink mesh.cgi command execution (CVE-2022-2486)**  |
| :----:   | :-----|
|  **Chinese name**  | wavlink mesh.cgi命令执行漏洞（CVE-2022-2486） |
| **CVSS core**  | 9.8 |
| **FOFA Query**  (click to view the results directly)| [body="firstFlage"](https://fofa.info/result?qbase64=Ym9keT0iZmlyc3RGbGFnZSI%3D) |
| **Number of assets affected**  | 3078 |
| **Description**  | WAVLINK is a router developed by China Ruiyin Technology (WAVLINK) company. The system mesh.cgi file has a command execution vulnerability, and attackers can obtain server privileges through this vulnerability. Including models WN530HG4, WN531G3, WN572HG3, WN535G3, WN575A4, etc. |
| **Impact** | Attackers can use this vulnerability to execute system commands to gain server privileges. |

![](https://s3.bmp.ovh/imgs/2023/04/07/a53061701522ba0d.gif)