Filtered by vendor Wavlink
Subscribe
Total
72 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-34047 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd]. | |||||
CVE-2022-34045 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. | |||||
CVE-2022-2487 | 1 Wavlink | 4 Wl-wn535k2, Wl-wn535k2 Firmware, Wl-wn535k3 and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument start_hour leads to os command injection. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-35536 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2023-12-10 | N/A | 9.8 CRITICAL |
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml. | |||||
CVE-2022-35523 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2023-12-10 | N/A | 9.8 CRITICAL |
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml. | |||||
CVE-2022-34574 | 1 Wavlink | 1 Wifi-repeater Firmware | 2023-12-10 | N/A | 5.7 MEDIUM |
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini. | |||||
CVE-2022-34575 | 1 Wavlink | 1 Wifi-repeater Firmware | 2023-12-10 | N/A | 5.7 MEDIUM |
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml. | |||||
CVE-2022-2486 | 1 Wavlink | 4 Wl-wn535k2, Wl-wn535k2 Firmware, Wl-wn535k3 and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-34570 | 1 Wavlink | 2 Wl-wn579x3, Wl-wn579x3 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page. | |||||
CVE-2022-31308 | 1 Wavlink | 2 Aerial X 1200m, Aerial X 1200m Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function. | |||||
CVE-2022-31846 | 1 Wavlink | 2 Wn535g3, Wn535g3 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | |||||
CVE-2021-44259 | 1 Wavlink | 2 Wl-wn531g3, Wl-wn531g3 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When an unauthorized user accesses this page directly, it connects to this device as a friend of the device owner. | |||||
CVE-2022-31311 | 1 Wavlink | 2 Aerial X 1200m, Aerial X 1200m Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request. | |||||
CVE-2022-30489 | 1 Wavlink | 2 Wn535g3, Wn535g3 Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. | |||||
CVE-2022-23900 | 1 Wavlink | 2 Wl-wn531p3, Wl-wn531p3 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi. | |||||
CVE-2021-44260 | 1 Wavlink | 2 Wl-wn531g3, Wl-wn531g3 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of router. | |||||
CVE-2022-31309 | 1 Wavlink | 2 Aerial X 1200m, Aerial X 1200m Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function. | |||||
CVE-2022-31847 | 1 Wavlink | 2 Wn579x3, Wn579x3 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request. | |||||
CVE-2022-31845 | 1 Wavlink | 2 Wn535g3, Wn535g3 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | |||||
CVE-2020-12124 | 1 Wavlink | 2 Wn530h4, Wn530h4 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication. |