Vulnerabilities > Wavlink > Wn535G3 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-10 | CVE-2022-35533 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml. | 9.8 |
| 2022-08-10 | CVE-2022-35534 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml. | 9.8 |
| 2022-08-10 | CVE-2022-35535 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml. | 9.8 |
| 2022-08-10 | CVE-2022-35536 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml. | 9.8 |
| 2022-08-10 | CVE-2022-35537 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml. | 9.8 |
| 2022-08-10 | CVE-2022-35538 | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml. | 9.8 |
| 2022-06-14 | CVE-2022-31845 | Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wn535G3 Firmware M35G3R.V5030.180927 A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 5.0 |
| 2022-06-14 | CVE-2022-31846 | Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wn535G3 Firmware M35G3R.V5030.180927 A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 5.0 |
| 2022-05-13 | CVE-2022-30489 | Cross-site Scripting vulnerability in Wavlink Wn535G3 Firmware WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. | 4.3 |
| 2020-05-07 | CVE-2020-10974 | Missing Authentication for Critical Function vulnerability in Wavlink products An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. | 5.0 |