Vulnerabilities > Wavlink > Wn535G3 Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-14 | CVE-2022-31845 | Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wn535G3 Firmware M35G3R.V5030.180927 A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 5.0 |
| 2022-06-14 | CVE-2022-31846 | Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wn535G3 Firmware M35G3R.V5030.180927 A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 5.0 |
| 2022-05-13 | CVE-2022-30489 | Cross-site Scripting vulnerability in Wavlink Wn535G3 Firmware WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. | 4.3 |
| 2020-05-07 | CVE-2020-10974 | Missing Authentication for Critical Function vulnerability in Wavlink products An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. | 5.0 |
| 2020-04-27 | CVE-2020-12266 | Missing Authentication for Critical Function vulnerability in Wavlink products An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. | 5.0 |