Wavlink WN533A8 Cross-Site Scripting


Wavlink is a wireless network and comprehensive IT peripherals brand that serves countries around the world
Its product offerings include the Wavlink WN533A8, a wireless router with tri-band Wi-Fi technology that adds another independent stream of communication onto 5 GHz to increase network bandwidth.

Cross-Site Scripting
Cross-Site Scripting (XSS) attacks are a type of injection attack that occurs when malicious scripts are injected into otherwise benign and trusted websites. An attacker then uses a web application to send malicious code, generally in the form of a browser side script, to the end user.

XSS attacks abuse the dynamic way websites interact with the browsers. These attacks make it possible , for an attacker, to control the victim’s browser and their interaction with a given vulnerable website. Injection attacks display back content provided or controlled by a user, like an URL parameter or an input field. This opens the door to manipulation of the content.
When the website or application simply reflects back content maliciously manipulated by user it is called a reflected XSS attack. This reflection affects the way browsers displays the page , how they behave and process things.

Wavlink WN533A8 Cross-Site Scripting | CVE-2022-34048
Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter.
The application fails to validate and sanitize input leading to XSS. When a malicious code is passed to the vulnerable login_page , it is reflected back to the victim browser. Since the code comes from a “trusted” server, the browser then executes it .This could lead to disclosure of a user’s session cookie,which in turn could allow the attacker to hijack the user’s session and take over the account.


SonicWall Capture Labs provides protection against this threat via following signature:

  • IPS 1326:Wavlink WN533A8 Cross-Site Scripting

Threat Graph

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.