Vulnerabilities > Wavlink > High

DATE CVE VULNERABILITY TITLE RISK
2020-05-07 CVE-2020-10974 Missing Authentication for Critical Function vulnerability in Wavlink products
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password.
network
low complexity
wavlink CWE-306
7.5
2020-05-07 CVE-2020-10973 Missing Authentication for Critical Function vulnerability in Wavlink products
An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password.
network
low complexity
wavlink CWE-306
7.5
2020-05-07 CVE-2020-10972 Insufficiently Protected Credentials vulnerability in Wavlink products
An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page.
network
low complexity
wavlink CWE-522
7.5
2020-05-07 CVE-2020-10971 Improper Input Validation vulnerability in Wavlink products
An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time.
network
low complexity
wavlink CWE-20
8.8
2020-04-27 CVE-2020-12266 Missing Authentication for Critical Function vulnerability in Wavlink products
An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage.
network
low complexity
wavlink CWE-306
7.5