Vulnerabilities > Wavlink > Wn535G3 Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-05-13 CVE-2022-30489 Cross-site Scripting vulnerability in Wavlink Wn535G3 Firmware
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
network
low complexity
wavlink CWE-79
6.1
6.1
2020-05-07 CVE-2020-10974 Missing Authentication for Critical Function vulnerability in Wavlink products
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password.
network
low complexity
wavlink CWE-306
7.5
7.5
2020-04-27 CVE-2020-12266 Missing Authentication for Critical Function vulnerability in Wavlink products
An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage.
network
low complexity
wavlink CWE-306
7.5
7.5