Filtered by vendor Wavlink
Subscribe
Total
72 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-3380 | 1 Wavlink | 2 Wn579x3, Wn579x3 Firmware | 2024-04-11 | 5.8 MEDIUM | 9.8 CRITICAL |
A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232236. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-38861 | 1 Wavlink | 2 Wl-wn575a3, Wl-wn575a3 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi. | |||||
CVE-2023-32622 | 1 Wavlink | 2 Wl-wn531ax2, Wl-wn531ax2 Firmware | 2023-12-10 | N/A | 7.2 HIGH |
Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege. | |||||
CVE-2023-32621 | 1 Wavlink | 2 Wl-wn531ax2, Wl-wn531ax2 Firmware | 2023-12-10 | N/A | 7.2 HIGH |
WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege. | |||||
CVE-2023-32620 | 1 Wavlink | 2 Wl-wn531ax2, Wl-wn531ax2 Firmware | 2023-12-10 | N/A | 6.5 MEDIUM |
Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network. | |||||
CVE-2023-32612 | 1 Wavlink | 2 Wl-wn531ax2, Wl-wn531ax2 Firmware | 2023-12-10 | N/A | 7.2 HIGH |
Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege. | |||||
CVE-2023-29708 | 1 Wavlink | 1 Wavrouter App | 2023-12-10 | N/A | 7.5 HIGH |
An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload. | |||||
CVE-2023-32613 | 1 Wavlink | 2 Wl-wn531ax2, Wl-wn531ax2 Firmware | 2023-12-10 | N/A | 8.1 HIGH |
Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in. | |||||
CVE-2022-48166 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | |||||
CVE-2022-48164 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | |||||
CVE-2022-44356 | 1 Wavlink | 2 Wl-wn531g3, Wl-wn531g3 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. | |||||
CVE-2022-48165 | 1 Wavlink | 2 Wl-wn530h4, Wl-wn530h4 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | |||||
CVE-2022-37149 | 1 Wavlink | 2 Wl-wn575a3, Wl-wn575a3 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows attackers to execute arbitrary commands via the username parameter. | |||||
CVE-2022-34572 | 1 Wavlink | 1 Wifi-repeater Firmware | 2023-12-10 | N/A | 5.7 MEDIUM |
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt. | |||||
CVE-2022-40623 | 1 Wavlink | 2 Wn531g3, Wn531g3 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution. | |||||
CVE-2022-35519 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2023-12-10 | N/A | 9.8 CRITICAL |
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml. | |||||
CVE-2022-34573 | 1 Wavlink | 1 Wifi-repeater Firmware | 2023-12-10 | N/A | 6.3 MEDIUM |
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to arbitrarily configure device settings via accessing the page mb_wifibasic.shtml. | |||||
CVE-2022-35533 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2023-12-10 | N/A | 9.8 CRITICAL |
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml. | |||||
CVE-2022-35517 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2023-12-10 | N/A | 8.8 HIGH |
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml. | |||||
CVE-2022-35521 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2023-12-10 | N/A | 9.8 CRITICAL |
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security.shtml. |