Vulnerabilities > Wavlink > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-30 | CVE-2023-32620 | Improper Authentication vulnerability in Wavlink Wl-Wn531Ax2 Firmware Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network. | 6.5 |
| 2022-07-25 | CVE-2022-34572 | Forced Browsing vulnerability in Wavlink Wifi-Repeater Firmware Rpta277W.M4300.01.Gd.2017Sep19 An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt. | 5.7 |
| 2022-07-25 | CVE-2022-34573 | Forced Browsing vulnerability in Wavlink Wifi-Repeater Firmware Rpta277W.M4300.01.Gd.2017Sep19 An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to arbitrarily configure device settings via accessing the page mb_wifibasic.shtml. | 6.3 |
| 2022-07-25 | CVE-2022-34574 | Forced Browsing vulnerability in Wavlink Wifi-Repeater Firmware Rpta277W.M4300.01.Gd.2017Sep19 An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini. | 5.7 |
| 2022-06-14 | CVE-2022-31845 | Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wn535G3 Firmware M35G3R.V5030.180927 A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 5.0 |
| 2022-06-14 | CVE-2022-31846 | Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wn535G3 Firmware M35G3R.V5030.180927 A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 5.0 |
| 2022-05-13 | CVE-2022-30489 | Cross-site Scripting vulnerability in Wavlink Wn535G3 Firmware WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. | 4.3 |
| 2022-03-17 | CVE-2021-44260 | Missing Authentication for Critical Function vulnerability in Wavlink Wl-Wn531G3 Firmware A42W1.27.620180418 A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. | 5.0 |
| 2020-10-02 | CVE-2020-12127 | Information Exposure vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403 An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. | 5.0 |
| 2020-05-07 | CVE-2020-10974 | Missing Authentication for Critical Function vulnerability in Wavlink products An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. | 5.0 |