Vulnerabilities > Wavlink > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-20 | CVE-2022-34046 | Incorrect Authorization vulnerability in Wavlink Wn533A8 Firmware M33A8.V5030.190716 An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);]. | 7.5 |
| 2022-07-20 | CVE-2022-34047 | Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.191116 An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd]. | 7.5 |
| 2022-06-14 | CVE-2022-31308 | Information Exposure vulnerability in Wavlink Aerial X 1200M Firmware M79X3.V5030.180719 A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 7.5 |
| 2022-06-14 | CVE-2022-31309 | Information Exposure vulnerability in Wavlink Aerial X 1200M Firmware M79X3.V5030.180719 A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 7.5 |
| 2022-06-14 | CVE-2022-31845 | Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wn535G3 Firmware M35G3R.V5030.180927 A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 7.5 |
| 2022-06-14 | CVE-2022-31846 | Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wn535G3 Firmware M35G3R.V5030.180927 A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 7.5 |
| 2022-06-14 | CVE-2022-31847 | Forced Browsing vulnerability in Wavlink Wn579X3 Firmware M79X3.V5030.180719 A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request. | 7.5 |
| 2022-03-17 | CVE-2021-44260 | Missing Authentication for Critical Function vulnerability in Wavlink Wl-Wn531G3 Firmware A42W1.27.620180418 A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. | 7.5 |
| 2020-10-02 | CVE-2020-12127 | Missing Authentication for Critical Function vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403 An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. | 7.5 |
| 2020-10-02 | CVE-2020-12123 | Cross-Site Request Forgery (CSRF) vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403 CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. | 8.1 |