Vulnerabilities > Wavlink > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-10 | CVE-2022-35525 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml. | 9.8 |
| 2022-08-10 | CVE-2022-35526 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml. | 9.8 |
| 2022-08-10 | CVE-2022-35533 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml. | 9.8 |
| 2022-08-10 | CVE-2022-35534 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml. | 9.8 |
| 2022-08-10 | CVE-2022-35535 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml. | 9.8 |
| 2022-08-10 | CVE-2022-35536 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml. | 9.8 |
| 2022-08-10 | CVE-2022-35537 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml. | 9.8 |
| 2022-08-10 | CVE-2022-35538 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml. | 9.8 |
| 2022-07-25 | CVE-2022-34577 | Unspecified vulnerability in Wavlink Wn535G3 Firmware M35G3R.V5030.180927 A vulnerability in adm.cgi of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request. | 9.8 |
| 2022-07-20 | CVE-2022-34045 | Use of Hard-coded Credentials vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.191116 Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. | 9.8 |