Filtered by vendor Wavlink
Subscribe
Total
85 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13117 | 1 Wavlink | 4 Wn575a4, Wn575a4 Firmware, Wn579x3 and 1 more | 2025-08-19 | 10.0 HIGH | 9.8 CRITICAL |
| Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request. | |||||
| CVE-2025-44868 | 1 Wavlink | 2 Wl-wn530h4, Wl-wn530h4 Firmware | 2025-06-13 | N/A | N/A |
| Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2024-38894 | 1 Wavlink | 2 Wn551k1, Wn551k1 Firmware | 2025-06-06 | N/A | N/A |
| WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi. | |||||
| CVE-2024-38892 | 1 Wavlink | 2 Wn551k1, Wn551k1 Firmware | 2025-06-06 | N/A | N/A |
| An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component. | |||||
| CVE-2024-38895 | 1 Wavlink | 2 Wn551k1, Wn551k1 Firmware | 2025-06-06 | N/A | N/A |
| WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information. | |||||
| CVE-2024-38896 | 1 Wavlink | 2 Wn551k1, Wn551k1 Firmware | 2025-06-06 | N/A | N/A |
| WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi. | |||||
| CVE-2024-38897 | 1 Wavlink | 2 Wn551k1, Wn551k1 Firmware | 2025-06-06 | N/A | N/A |
| WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information. | |||||
| CVE-2025-44881 | 1 Wavlink | 2 Wl-wn579a3, Wl-wn579a3 Firmware | 2025-05-30 | N/A | N/A |
| A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. | |||||
| CVE-2025-44880 | 1 Wavlink | 2 Wl-wn579a3, Wl-wn579a3 Firmware | 2025-05-30 | N/A | N/A |
| A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. | |||||
| CVE-2025-44882 | 1 Wavlink | 2 Wl-wn579a3, Wl-wn579a3 Firmware | 2025-05-30 | N/A | N/A |
| A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. | |||||
| CVE-2022-44356 | 1 Wavlink | 2 Wl-wn531g3, Wl-wn531g3 Firmware | 2025-04-25 | N/A | 7.5 HIGH |
| WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. | |||||
| CVE-2022-48164 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-03-26 | N/A | 7.5 HIGH |
| An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | |||||
| CVE-2022-48166 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2025-03-25 | N/A | 7.5 HIGH |
| An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | |||||
| CVE-2022-2488 | 1 Wavlink | 4 Wl-wn535k2, Wl-wn535k2 Firmware, Wl-wn535k3 and 1 more | 2025-01-14 | N/A | 9.8 CRITICAL |
| A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-29708 | 1 Wavlink | 1 Wavrouter App | 2024-12-06 | N/A | 7.5 HIGH |
| An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload. | |||||
| CVE-2023-32622 | 1 Wavlink | 2 Wl-wn531ax2, Wl-wn531ax2 Firmware | 2024-12-04 | N/A | 7.2 HIGH |
| Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege. | |||||
| CVE-2023-32612 | 1 Wavlink | 2 Wl-wn531ax2, Wl-wn531ax2 Firmware | 2024-11-27 | N/A | 7.2 HIGH |
| Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege. | |||||
| CVE-2024-10429 | 1 Wavlink | 6 Wn530h4, Wn530h4 Firmware, Wn530hg4 and 3 more | 2024-11-13 | N/A | 7.2 HIGH |
| A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-10428 | 1 Wavlink | 6 Wn530h4, Wn530h4 Firmware, Wn530hg4 and 3 more | 2024-11-13 | N/A | 7.2 HIGH |
| A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-10194 | 1 Wavlink | 6 Wn530h4, Wn530h4 Firmware, Wn530hg4 and 3 more | 2024-10-23 | N/A | 8.8 HIGH |
| A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||