Vulnerabilities > Wavlink

DATE CVE VULNERABILITY TITLE RISK
2023-02-06 CVE-2022-48166 Missing Authorization vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.201217
An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
network
low complexity
wavlink CWE-862
7.5
2023-02-06 CVE-2022-48164 Unspecified vulnerability in Wavlink Wl-Wn533A8 Firmware M33A8.V5030.190716
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
network
low complexity
wavlink
7.5
2023-02-03 CVE-2022-48165 Unspecified vulnerability in Wavlink Wl-Wn530H4 Firmware M30H4.V5030.210121
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
network
low complexity
wavlink
7.5
2022-11-29 CVE-2022-44356 Files or Directories Accessible to External Parties vulnerability in Wavlink Wl-Wn531G3 Firmware M31G3.V5030.200325/M31G3.V5030.201204
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files.
network
low complexity
wavlink CWE-552
7.5
2022-07-20 CVE-2022-34046 Incorrect Authorization vulnerability in Wavlink Wn533A8 Firmware M33A8.V5030.190716
An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);].
network
low complexity
wavlink CWE-863
7.5
2022-07-20 CVE-2022-34047 Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.191116
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].
network
low complexity
wavlink CWE-668
7.5
2022-07-07 CVE-2022-34592 Command Injection vulnerability in Wavlink Wl-Wn575A3 Firmware Rpt75A3.V4300.201217
Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw.
network
low complexity
wavlink CWE-77
7.5
2022-06-14 CVE-2022-31308 Exposure of Resource to Wrong Sphere vulnerability in Wavlink Aerial X 1200M Firmware M79X3.V5030.180719
A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function.
network
low complexity
wavlink CWE-668
5.0
2022-06-14 CVE-2022-31309 Exposure of Resource to Wrong Sphere vulnerability in Wavlink Aerial X 1200M Firmware M79X3.V5030.180719
A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function.
network
low complexity
wavlink CWE-668
5.0
2022-06-14 CVE-2022-31311 Command Injection vulnerability in Wavlink Aerial X 1200M Firmware M79X3.V5030.180719
An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request.
network
low complexity
wavlink CWE-77
critical
10.0