Vulnerabilities > Wavlink > High

DATE CVE VULNERABILITY TITLE RISK
2023-02-06 CVE-2022-48164 Unspecified vulnerability in Wavlink Wl-Wn533A8 Firmware M33A8.V5030.190716
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
network
low complexity
wavlink
7.5
2023-02-03 CVE-2022-48165 Unspecified vulnerability in Wavlink Wl-Wn530H4 Firmware M30H4.V5030.210121
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
network
low complexity
wavlink
7.5
2022-11-29 CVE-2022-44356 Files or Directories Accessible to External Parties vulnerability in Wavlink Wl-Wn531G3 Firmware M31G3.V5030.200325/M31G3.V5030.201204
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files.
network
low complexity
wavlink CWE-552
7.5
2022-09-13 CVE-2022-40621 Authentication Bypass by Capture-replay vulnerability in Wavlink Wn531G3 Firmware M31G3.V5030.200325
Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack.
network
high complexity
wavlink CWE-294
7.5
2022-09-13 CVE-2022-40622 Improper Authentication vulnerability in Wavlink Wn531G3 Firmware M31G3.V5030.200325
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens.
low complexity
wavlink CWE-287
8.8
2022-09-13 CVE-2022-40623 Cross-Site Request Forgery (CSRF) vulnerability in Wavlink Wn531G3 Firmware M31G3.V5030.200325
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution.
network
low complexity
wavlink CWE-352
8.8
2022-08-10 CVE-2022-35517 Unspecified vulnerability in Wavlink products
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml.
network
low complexity
wavlink
8.8
2022-07-25 CVE-2022-34570 Forced Browsing vulnerability in Wavlink Wl-Wn579X3 Firmware M79X3.V5030.191012
WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page.
network
low complexity
wavlink CWE-425
7.5
2022-07-25 CVE-2022-34571 Forced Browsing vulnerability in Wavlink Wifi-Repeater Firmware Rpta277W.M4300.01.Gd.2017Sep19
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the system key information and execute arbitrary commands via accessing the page syslog.shtml.
low complexity
wavlink CWE-425
8.0
2022-07-25 CVE-2022-34576 Unspecified vulnerability in Wavlink Wn535G3 Firmware M35G3R.V5030.180927
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request.
network
low complexity
wavlink
7.5