Vulnerabilities > Wavlink > WL Wn575A3 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-08-15 CVE-2023-38861 Command Injection vulnerability in Wavlink Wl-Wn575A3 Firmware R75A3V1410220513
An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi.
network
low complexity
wavlink CWE-77
critical
 9.8
9.8
2022-08-30 CVE-2022-37149 OS Command Injection vulnerability in Wavlink Wl-Wn575A3 Firmware Rpt75A3.V4300.201217
WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi.
network
low complexity
wavlink CWE-78
critical
 9.8
9.8
2022-07-07 CVE-2022-34592 Command Injection vulnerability in Wavlink Wl-Wn575A3 Firmware Rpt75A3.V4300.201217
Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw.
network
low complexity
wavlink CWE-77
critical
 9.8
9.8
2020-05-07 CVE-2020-10971 Improper Input Validation vulnerability in Wavlink products
An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time.
network
wavlink CWE-20
critical
 9.3
9.3