Vulnerabilities > Wavlink > Wn530H4 Firmware

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2020-10-02 | CVE-2020-12127 | Missing Authentication for Critical Function vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403 | An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. | network; low complexity; wavlink; CWE-306; 7.5 |
| 2020-10-02 | CVE-2020-12126 | Improper Authentication vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403 | Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint. | network; low complexity; wavlink; CWE-287; critical; 9.8 |
| 2020-10-02 | CVE-2020-12125 | Classic Buffer Overflow vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403 | A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication. | network; low complexity; wavlink; CWE-120; critical; 9.8 |
| 2020-10-02 | CVE-2020-12124 | OS Command Injection vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403 | A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication. | network; low complexity; wavlink; CWE-78; critical; 9.8 |
| 2020-10-02 | CVE-2020-12123 | Cross-Site Request Forgery (CSRF) vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403 | CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. | network; low complexity; wavlink; CWE-352; 8.1 |
| 2020-05-07 | CVE-2020-10974 | Missing Authentication for Critical Function vulnerability in Wavlink products | An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. | network; low complexity; wavlink; CWE-306; 7.5 |
| 2020-04-27 | CVE-2020-12266 | Missing Authentication for Critical Function vulnerability in Wavlink products | An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. | network; low complexity; wavlink; CWE-306; 7.5 |