Vulnerabilities > Wavlink
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-06 | CVE-2022-48166 | Missing Authorization vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.201217 An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | 7.5 |
| 2023-02-06 | CVE-2022-48164 | Unspecified vulnerability in Wavlink Wl-Wn533A8 Firmware M33A8.V5030.190716 An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | 7.5 |
| 2023-02-03 | CVE-2022-48165 | Unspecified vulnerability in Wavlink Wl-Wn530H4 Firmware M30H4.V5030.210121 An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | 7.5 |
| 2022-11-29 | CVE-2022-44356 | Files or Directories Accessible to External Parties vulnerability in Wavlink Wl-Wn531G3 Firmware M31G3.V5030.200325/M31G3.V5030.201204 WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. | 7.5 |
| 2022-07-20 | CVE-2022-34046 | Incorrect Authorization vulnerability in Wavlink Wn533A8 Firmware M33A8.V5030.190716 An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);]. | 7.5 |
| 2022-07-20 | CVE-2022-34047 | Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.191116 An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd]. | 7.5 |
| 2022-07-07 | CVE-2022-34592 | Command Injection vulnerability in Wavlink Wl-Wn575A3 Firmware Rpt75A3.V4300.201217 Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. | 7.5 |
| 2022-06-14 | CVE-2022-31308 | Exposure of Resource to Wrong Sphere vulnerability in Wavlink Aerial X 1200M Firmware M79X3.V5030.180719 A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 5.0 |
| 2022-06-14 | CVE-2022-31309 | Exposure of Resource to Wrong Sphere vulnerability in Wavlink Aerial X 1200M Firmware M79X3.V5030.180719 A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 5.0 |
| 2022-06-14 | CVE-2022-31311 | Command Injection vulnerability in Wavlink Aerial X 1200M Firmware M79X3.V5030.180719 An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request. | 10.0 |