{"vulnerability": "CVE-2022-3552", "sightings": [{"uuid": "806eeeae-e04e-4867-8fa0-1bfe4b2abc69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3552", "type": "published-proof-of-concept", "source": "Telegram/pAhL0Y0-25WuKbTjtFnfR_Xs2-BuvkpahhgLLseEPoVFP08", "content": "", "creation_timestamp": "2025-04-28T05:00:06.000000Z"}, {"uuid": "8700a90b-6161-47e0-9c14-2916e7e7bffc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3552", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16026", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3552\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.\n\ud83d\udccf Published: 2022-10-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-12T18:57:29.361Z\n\ud83d\udd17 References:\n1. https://huntr.dev/bounties/c6e2973d-386d-4667-9426-10d10828539b\n2. https://github.com/boxbilling/boxbilling/commit/b6705995785eaa8653e876318c9b3d82060dc945\n3. http://packetstormsecurity.com/files/171542/BoxBilling-4.22.1.5-Remote-Code-Execution.html", "creation_timestamp": "2025-05-12T19:29:14.000000Z"}, {"uuid": "ec93d50e-faf8-4fdb-879d-559b2a04b5ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3552", "type": "seen", "source": "https://t.me/cibsecurity/51644", "content": "\u203c CVE-2022-3552 \u203c\n\nUnrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-18T00:13:39.000000Z"}, {"uuid": "eadc59fb-b678-4cff-8f75-6d6739d9f2b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3552", "type": "exploited", "source": "https://www.exploit-db.com/exploits/51108", "content": "", "creation_timestamp": "2023-03-28T00:00:00.000000Z"}, {"uuid": "c00e07d4-2696-4b21-9454-2cdcab5f7967", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35526", "type": "seen", "source": "https://t.me/cibsecurity/47900", "content": "\u203c CVE-2022-35526 \u203c\n\nWAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-11T00:26:26.000000Z"}, {"uuid": "3b87c2a0-a2d1-43bb-bdf2-fe364e33bf90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35522", "type": "seen", "source": "https://t.me/cibsecurity/47913", "content": "\u203c CVE-2022-35522 \u203c\n\nWAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wan.shtml.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-11T00:32:20.000000Z"}, {"uuid": "d1ffd7a3-7e3d-466f-885b-1b4fb323f13c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35524", "type": "seen", "source": "https://t.me/cibsecurity/47910", "content": "\u203c CVE-2022-35524 \u203c\n\nWAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-11T00:32:17.000000Z"}, {"uuid": "5cdebaed-896b-473c-af1d-f27fa3ced5a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35521", "type": "seen", "source": "https://t.me/cibsecurity/47906", "content": "\u203c CVE-2022-35521 \u203c\n\nWAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security.shtml.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-11T00:32:13.000000Z"}]}