Vulnerabilities > Wavlink > WL Wn575A3 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-15 | CVE-2023-38861 | Command Injection vulnerability in Wavlink Wl-Wn575A3 Firmware R75A3V1410220513 An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi. | 9.8 |
| 2022-08-30 | CVE-2022-37149 | OS Command Injection vulnerability in Wavlink Wl-Wn575A3 Firmware Rpt75A3.V4300.201217 WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. | 9.8 |
| 2022-07-07 | CVE-2022-34592 | Command Injection vulnerability in Wavlink Wl-Wn575A3 Firmware Rpt75A3.V4300.201217 Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. | 9.8 |
| 2020-05-07 | CVE-2020-10974 | Missing Authentication for Critical Function vulnerability in Wavlink products An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. | 7.5 |
| 2020-05-07 | CVE-2020-10971 | Improper Input Validation vulnerability in Wavlink products An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. | 8.8 |
| 2020-04-27 | CVE-2020-12266 | Missing Authentication for Critical Function vulnerability in Wavlink products An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. | 7.5 |