Filtered by vendor Wavlink Subscriptions
Total 78 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-34572 1 Wavlink 1 Wifi-repeater Firmware 2024-11-21 5.7 Medium
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt.
CVE-2022-34571 1 Wavlink 1 Wifi-repeater Firmware 2024-11-21 8.0 High
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the system key information and execute arbitrary commands via accessing the page syslog.shtml.
CVE-2022-34570 1 Wavlink 2 Wl-wn579x3, Wl-wn579x3 Firmware 2024-11-21 7.5 High
WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page.
CVE-2022-34049 1 Wavlink 2 Wl-wn530hg4, Wl-wn530hg4 Firmware 2024-11-21 5.3 Medium
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data.
CVE-2022-34048 1 Wavlink 2 Wn533a8, Wn533a8 Firmware 2024-11-21 6.1 Medium
Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter.
CVE-2022-34047 1 Wavlink 2 Wl-wn530hg4, Wl-wn530hg4 Firmware 2024-11-21 7.5 High
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].
CVE-2022-34046 1 Wavlink 2 Wn533a8, Wn533a8 Firmware 2024-11-21 7.5 High
An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);].
CVE-2022-34045 1 Wavlink 2 Wl-wn530hg4, Wl-wn530hg4 Firmware 2024-11-21 9.8 Critical
Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh.
CVE-2022-31847 1 Wavlink 2 Wn579x3, Wn579x3 Firmware 2024-11-21 7.5 High
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request.
CVE-2022-31846 1 Wavlink 2 Wn535g3, Wn535g3 Firmware 2024-11-21 7.5 High
A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVE-2022-31845 1 Wavlink 2 Wn535g3, Wn535g3 Firmware 2024-11-21 7.5 High
A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVE-2022-31311 1 Wavlink 2 Aerial X 1200m, Aerial X 1200m Firmware 2024-11-21 9.8 Critical
An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request.
CVE-2022-31309 1 Wavlink 2 Aerial X 1200m, Aerial X 1200m Firmware 2024-11-21 7.5 High
A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVE-2022-31308 1 Wavlink 2 Aerial X 1200m, Aerial X 1200m Firmware 2024-11-21 7.5 High
A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVE-2022-30489 1 Wavlink 2 Wn535g3, Wn535g3 Firmware 2024-11-21 6.1 Medium
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
CVE-2022-2488 1 Wavlink 4 Wl-wn535k2, Wl-wn535k2 Firmware, Wl-wn535k3 and 1 more 2024-11-21 8 High
A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used.
CVE-2022-2487 1 Wavlink 4 Wl-wn535k2, Wl-wn535k2 Firmware, Wl-wn535k3 and 1 more 2024-11-21 8 High
A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument start_hour leads to os command injection. The exploit has been disclosed to the public and may be used.
CVE-2022-2486 1 Wavlink 4 Wl-wn535k2, Wl-wn535k2 Firmware, Wl-wn535k3 and 1 more 2024-11-21 8 High
A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been disclosed to the public and may be used.
CVE-2022-23900 1 Wavlink 2 Wl-wn531p3, Wl-wn531p3 Firmware 2024-11-21 9.8 Critical
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi.
CVE-2021-44260 1 Wavlink 2 Wl-wn531g3, Wl-wn531g3 Firmware 2024-11-21 7.5 High
A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of router.