Vulnerabilities > Wavlink
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-17 | CVE-2021-44260 | Missing Authentication for Critical Function vulnerability in Wavlink Wl-Wn531G3 Firmware A42W1.27.620180418 A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. | 5.0 |
| 2021-02-09 | CVE-2020-13117 | Command Injection vulnerability in Wavlink Wn575A4 Firmware and Wn579X3 Firmware Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request. | 10.0 |
| 2020-10-02 | CVE-2020-12127 | Information Exposure vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403 An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. | 5.0 |
| 2020-10-02 | CVE-2020-12126 | Improper Authentication vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403 Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint. | 7.5 |
| 2020-10-02 | CVE-2020-12125 | Classic Buffer Overflow vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403 A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication. | 10.0 |
| 2020-10-02 | CVE-2020-12124 | OS Command Injection vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403 A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication. | 10.0 |
| 2020-10-02 | CVE-2020-12123 | Cross-Site Request Forgery (CSRF) vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403 CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. | 7.8 |
| 2020-07-01 | CVE-2020-15490 | Classic Buffer Overflow vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.191116 An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. | 10.0 |
| 2020-07-01 | CVE-2020-15489 | Injection vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.191116 An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. | 10.0 |
| 2020-05-07 | CVE-2020-10974 | Missing Authentication for Critical Function vulnerability in Wavlink products An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. | 5.0 |