Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Wavlink Subscribe
Total 72 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-35538 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2023-08-08 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml.
CVE-2022-31309 1 Wavlink 2 Aerial X 1200m, Aerial X 1200m Firmware 2023-08-08 5.0 MEDIUM 7.5 HIGH
A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVE-2022-35520 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2023-08-08 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml.
CVE-2022-35522 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2023-08-08 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wan.shtml.
CVE-2022-35533 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2023-08-08 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml.
CVE-2022-35537 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2023-08-08 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml.
CVE-2022-35524 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2023-08-08 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml.
CVE-2022-37149 1 Wavlink 2 Wl-wn575a3, Wl-wn575a3 Firmware 2023-08-08 N/A 9.8 CRITICAL
WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows attackers to execute arbitrary commands via the username parameter.
CVE-2022-23900 1 Wavlink 2 Wl-wn531p3, Wl-wn531p3 Firmware 2023-08-08 7.5 HIGH 9.8 CRITICAL
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi.
CVE-2022-34592 1 Wavlink 2 Wl-wn575a3, Wl-wn575a3 Firmware 2023-08-01 7.5 HIGH 9.8 CRITICAL
Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request.
CVE-2023-32622 1 Wavlink 2 Wl-wn531ax2, Wl-wn531ax2 Firmware 2023-07-06 N/A 7.2 HIGH
Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege.
CVE-2023-32621 1 Wavlink 2 Wl-wn531ax2, Wl-wn531ax2 Firmware 2023-07-06 N/A 7.2 HIGH
WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege.
CVE-2023-32620 1 Wavlink 2 Wl-wn531ax2, Wl-wn531ax2 Firmware 2023-07-06 N/A 6.5 MEDIUM
Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network.
CVE-2023-32613 1 Wavlink 2 Wl-wn531ax2, Wl-wn531ax2 Firmware 2023-07-06 N/A 8.1 HIGH
Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in.
CVE-2023-32612 1 Wavlink 2 Wl-wn531ax2, Wl-wn531ax2 Firmware 2023-07-06 N/A 7.2 HIGH
Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege.
CVE-2023-29708 1 Wavlink 1 Wavrouter App 2023-06-30 N/A 7.5 HIGH
An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload.
CVE-2022-48164 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2023-02-14 N/A 7.5 HIGH
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
CVE-2022-48166 1 Wavlink 2 Wl-wn530hg4, Wl-wn530hg4 Firmware 2023-02-14 N/A 7.5 HIGH
An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
CVE-2022-48165 1 Wavlink 2 Wl-wn530h4, Wl-wn530h4 Firmware 2023-02-13 N/A 7.5 HIGH
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
CVE-2022-44356 1 Wavlink 2 Wl-wn531g3, Wl-wn531g3 Firmware 2022-12-02 N/A 7.5 HIGH
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files.