Vulnerabilities > Wavlink > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-30 CVE-2023-32620 Improper Authentication vulnerability in Wavlink Wl-Wn531Ax2 Firmware
Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network.
low complexity
wavlink CWE-287
6.5
6.5
2022-07-25 CVE-2022-34572 Forced Browsing vulnerability in Wavlink Wifi-Repeater Firmware Rpta277W.M4300.01.Gd.2017Sep19
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt.
low complexity
wavlink CWE-425
5.7
5.7
2022-07-25 CVE-2022-34573 Forced Browsing vulnerability in Wavlink Wifi-Repeater Firmware Rpta277W.M4300.01.Gd.2017Sep19
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to arbitrarily configure device settings via accessing the page mb_wifibasic.shtml.
low complexity
wavlink CWE-425
6.3
6.3
2022-07-25 CVE-2022-34574 Forced Browsing vulnerability in Wavlink Wifi-Repeater Firmware Rpta277W.M4300.01.Gd.2017Sep19
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini.
low complexity
wavlink CWE-425
5.7
5.7
2022-07-25 CVE-2022-34575 Improper Authentication vulnerability in Wavlink Wifi-Repeater Firmware Rpta277W.M4300.01.Gd.2017Sep19
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml.
low complexity
wavlink CWE-287
5.7
5.7
2022-07-20 CVE-2022-34048 Cross-site Scripting vulnerability in Wavlink Wn533A8 Firmware M33A8.V5030.190716
Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter.
network
low complexity
wavlink CWE-79
6.1
6.1
2022-07-20 CVE-2022-34049 Files or Directories Accessible to External Parties vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.191116
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data.
network
low complexity
wavlink CWE-552
5.3
5.3
2022-05-13 CVE-2022-30489 Cross-site Scripting vulnerability in Wavlink Wn535G3 Firmware
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
network
low complexity
wavlink CWE-79
6.1
6.1