Vulnerabilities > Wavlink > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-06 | CVE-2022-48164 | Unspecified vulnerability in Wavlink Wl-Wn533A8 Firmware M33A8.V5030.190716 An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | 7.5 |
2023-02-03 | CVE-2022-48165 | Unspecified vulnerability in Wavlink Wl-Wn530H4 Firmware M30H4.V5030.210121 An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | 7.5 |
2022-11-29 | CVE-2022-44356 | Files or Directories Accessible to External Parties vulnerability in Wavlink Wl-Wn531G3 Firmware M31G3.V5030.200325/M31G3.V5030.201204 WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. | 7.5 |
2022-09-13 | CVE-2022-40621 | Authentication Bypass by Capture-replay vulnerability in Wavlink Wn531G3 Firmware M31G3.V5030.200325 Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack. | 7.5 |
2022-09-13 | CVE-2022-40622 | Improper Authentication vulnerability in Wavlink Wn531G3 Firmware M31G3.V5030.200325 The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. | 8.8 |
2022-09-13 | CVE-2022-40623 | Cross-Site Request Forgery (CSRF) vulnerability in Wavlink Wn531G3 Firmware M31G3.V5030.200325 The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution. | 8.8 |
2022-08-10 | CVE-2022-35517 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml. | 8.8 |
2022-07-25 | CVE-2022-34570 | Forced Browsing vulnerability in Wavlink Wl-Wn579X3 Firmware M79X3.V5030.191012 WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page. | 7.5 |
2022-07-25 | CVE-2022-34571 | Forced Browsing vulnerability in Wavlink Wifi-Repeater Firmware Rpta277W.M4300.01.Gd.2017Sep19 An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the system key information and execute arbitrary commands via accessing the page syslog.shtml. | 8.0 |
2022-07-25 | CVE-2022-34576 | Unspecified vulnerability in Wavlink Wn535G3 Firmware M35G3R.V5030.180927 A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request. | 7.5 |