Vulnerabilities > Wavlink > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-07-20 CVE-2022-2486 OS Command Injection vulnerability in Wavlink Wl-Wn535K2 Firmware and Wl-Wn535K3 Firmware
A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3.
network
low complexity
wavlink CWE-78
critical
 9.8
9.8
2022-07-20 CVE-2022-2487 OS Command Injection vulnerability in Wavlink Wl-Wn535K2 Firmware and Wl-Wn535K3 Firmware
A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical.
network
low complexity
wavlink CWE-78
critical
 9.8
9.8
2022-07-20 CVE-2022-2488 OS Command Injection vulnerability in Wavlink Wl-Wn535K2 Firmware and Wl-Wn535K3 Firmware
A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical.
network
low complexity
wavlink CWE-78
critical
 9.8
9.8
2022-07-07 CVE-2022-34592 Command Injection vulnerability in Wavlink Wl-Wn575A3 Firmware Rpt75A3.V4300.201217
Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw.
network
low complexity
wavlink CWE-77
critical
 9.8
9.8
2022-06-14 CVE-2022-31311 OS Command Injection vulnerability in Wavlink Aerial X 1200M Firmware M79X3.V5030.180719
An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request.
network
low complexity
wavlink CWE-78
critical
 9.8
9.8
2022-04-07 CVE-2022-23900 OS Command Injection vulnerability in Wavlink Wl-Wn531P3 Firmware M31G3.V5030.201204
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi.
network
low complexity
wavlink CWE-78
critical
 9.8
9.8
2022-03-17 CVE-2021-44259 Missing Authentication for Critical Function vulnerability in Wavlink Wl-Wn531G3 Firmware A42W1.27.620180418
A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication.
network
low complexity
wavlink CWE-306
critical
 9.8
9.8
2021-02-09 CVE-2020-13117 Command Injection vulnerability in Wavlink Wn575A4 Firmware and Wn579X3 Firmware
Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.
network
low complexity
wavlink CWE-77
critical
 9.8
9.8
2020-10-02 CVE-2020-12126 Improper Authentication vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403
Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint.
network
low complexity
wavlink CWE-287
critical
 9.8
9.8
2020-10-02 CVE-2020-12125 Classic Buffer Overflow vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403
A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication.
network
low complexity
wavlink CWE-120
critical
 9.8
9.8