Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Wavlink Subscribe
Total 85 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-35518 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2024-11-21 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.
CVE-2022-35517 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2024-11-21 N/A 8.8 HIGH
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml.
CVE-2022-34592 1 Wavlink 2 Wl-wn575a3, Wl-wn575a3 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request.
CVE-2022-34577 1 Wavlink 2 Wn535g3, Wn535g3 Firmware 2024-11-21 N/A 9.8 CRITICAL
A vulnerability in adm.cgi of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request.
CVE-2022-34576 1 Wavlink 2 Wn535g3, Wn535g3 Firmware 2024-11-21 N/A 7.5 HIGH
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request.
CVE-2022-34575 1 Wavlink 1 Wifi-repeater Firmware 2024-11-21 N/A 5.7 MEDIUM
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml.
CVE-2022-34574 1 Wavlink 1 Wifi-repeater Firmware 2024-11-21 N/A 5.7 MEDIUM
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini.
CVE-2022-34573 1 Wavlink 1 Wifi-repeater Firmware 2024-11-21 N/A 6.3 MEDIUM
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to arbitrarily configure device settings via accessing the page mb_wifibasic.shtml.
CVE-2022-34572 1 Wavlink 1 Wifi-repeater Firmware 2024-11-21 N/A 5.7 MEDIUM
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt.
CVE-2022-34571 1 Wavlink 1 Wifi-repeater Firmware 2024-11-21 N/A 8.0 HIGH
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the system key information and execute arbitrary commands via accessing the page syslog.shtml.
CVE-2022-34570 1 Wavlink 2 Wl-wn579x3, Wl-wn579x3 Firmware 2024-11-21 N/A 7.5 HIGH
WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page.
CVE-2022-34049 1 Wavlink 2 Wl-wn530hg4, Wl-wn530hg4 Firmware 2024-11-21 N/A 5.3 MEDIUM
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data.
CVE-2022-34048 1 Wavlink 2 Wn533a8, Wn533a8 Firmware 2024-11-21 N/A 6.1 MEDIUM
Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter.
CVE-2022-34047 1 Wavlink 2 Wl-wn530hg4, Wl-wn530hg4 Firmware 2024-11-21 N/A 7.5 HIGH
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].
CVE-2022-34046 1 Wavlink 2 Wn533a8, Wn533a8 Firmware 2024-11-21 N/A 7.5 HIGH
An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);].
CVE-2022-34045 1 Wavlink 2 Wl-wn530hg4, Wl-wn530hg4 Firmware 2024-11-21 N/A 9.8 CRITICAL
Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh.
CVE-2022-31847 1 Wavlink 2 Wn579x3, Wn579x3 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request.
CVE-2022-31846 1 Wavlink 2 Wn535g3, Wn535g3 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVE-2022-31845 1 Wavlink 2 Wn535g3, Wn535g3 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVE-2022-31311 1 Wavlink 2 Aerial X 1200m, Aerial X 1200m Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request.