Vulnerabilities > Wavlink
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-03 | CVE-2022-48165 | Unspecified vulnerability in Wavlink Wl-Wn530H4 Firmware M30H4.V5030.210121 An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | 7.5 |
| 2022-11-29 | CVE-2022-44356 | Files or Directories Accessible to External Parties vulnerability in Wavlink Wl-Wn531G3 Firmware M31G3.V5030.200325/M31G3.V5030.201204 WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. | 7.5 |
| 2022-08-30 | CVE-2022-37149 | OS Command Injection vulnerability in Wavlink Wl-Wn575A3 Firmware Rpt75A3.V4300.201217 WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. | 9.8 |
| 2022-08-10 | CVE-2022-35517 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml. | 8.8 |
| 2022-08-10 | CVE-2022-35518 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml. | 9.8 |
| 2022-08-10 | CVE-2022-35519 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml. | 9.8 |
| 2022-08-10 | CVE-2022-35520 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. | 9.8 |
| 2022-08-10 | CVE-2022-35521 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security.shtml. | 9.8 |
| 2022-08-10 | CVE-2022-35522 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wan.shtml. | 9.8 |
| 2022-08-10 | CVE-2022-35523 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml. | 9.8 |