Filtered by vendor Wavlink
Subscribe
Total
203 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-10321 | 1 Wavlink | 2 Wl-wn578w2, Wl-wn578w2 Firmware | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /live_online.shtml. Executing manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-54747 | 1 Wavlink | 2 Wn531p3, Wn531p3 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | |||||
| CVE-2024-54745 | 1 Wavlink | 2 Wn701ae, Wn701ae Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | |||||
| CVE-2024-48705 | 1 Wavlink | 2 Wl-wn531p3, Wl-wn531p3 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "set_sys_adm" function of the "adm.cgi" binary, and is due to improper santization of the user provided "newpass" field | |||||
| CVE-2024-39803 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `sel_mode` POST parameter. | |||||
| CVE-2024-39802 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `qos_dat` POST parameter. | |||||
| CVE-2024-39801 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `qos_bandwidth` POST parameter. | |||||
| CVE-2024-39800 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `open_port` POST parameter. | |||||
| CVE-2024-39799 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_interface` POST parameter. | |||||
| CVE-2024-39798 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_protocol` POST parameter. | |||||
| CVE-2024-39795 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_max_sessions` POST parameter. | |||||
| CVE-2024-39794 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_port` POST parameter. | |||||
| CVE-2024-39793 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_name` POST parameter. | |||||
| CVE-2024-39790 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_max_sessions` POST parameter. | |||||
| CVE-2024-39789 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_port` POST parameter. | |||||
| CVE-2024-39788 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_name` POST parameter. | |||||
| CVE-2024-39787 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `disk_part` POST parameter. | |||||
| CVE-2024-39786 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `adddir_name` POST parameter. | |||||
| CVE-2024-39785 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the adddir_name POST parameter. | |||||
| CVE-2024-39784 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the disk_part POST parameter. | |||||