Filtered by vendor Wavlink Subscriptions
Total 78 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-54747 1 Wavlink 1 Wn531p3 Firmware 2024-12-09 9.8 Critical
WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVE-2023-29708 1 Wavlink 1 Wavrouter App 2024-12-06 7.5 High
An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload.
CVE-2023-32613 1 Wavlink 2 Wl-wn531ax2, Wl-wn531ax2 Firmware 2024-12-05 8.1 High
Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in.
CVE-2023-32622 1 Wavlink 2 Wl-wn531ax2, Wl-wn531ax2 Firmware 2024-12-04 7.2 High
Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege.
CVE-2023-32620 1 Wavlink 2 Wl-wn531ax2, Wl-wn531ax2 Firmware 2024-12-04 6.5 Medium
Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network.
CVE-2023-32621 1 Wavlink 2 Wl-wn531ax2, Wl-wn531ax2 Firmware 2024-12-04 7.2 High
WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege.
CVE-2023-32612 1 Wavlink 2 Wl-wn531ax2, Wl-wn531ax2 Firmware 2024-11-27 7.2 High
Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege.
CVE-2023-3380 1 Wavlink 2 Wn579x3, Wn579x3 Firmware 2024-11-21 4.7 Medium
A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232236. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-38861 1 Wavlink 3 Wl-wn575a3, Wl-wn575a3 Firmware, Wl Wnj575a3 2024-11-21 9.8 Critical
An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi.
CVE-2023-30313 1 Wavlink 1 Quantum D2g 2024-11-21 7.5 High
An issue discovered in Wavlink QUANTUM D2G routers allows attackers to hijack TCP sessions which could lead to a denial of service.
CVE-2022-48166 1 Wavlink 2 Wl-wn530hg4, Wl-wn530hg4 Firmware 2024-11-21 7.5 High
An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
CVE-2022-48165 1 Wavlink 2 Wl-wn530h4, Wl-wn530h4 Firmware 2024-11-21 7.5 High
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
CVE-2022-48164 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2024-11-21 7.5 High
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
CVE-2022-44356 1 Wavlink 2 Wl-wn531g3, Wl-wn531g3 Firmware 2024-11-21 7.5 High
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files.
CVE-2022-40623 1 Wavlink 2 Wn531g3, Wn531g3 Firmware 2024-11-21 8.8 High
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution.
CVE-2022-40622 1 Wavlink 2 Wn531g3, Wn531g3 Firmware 2024-11-21 8.8 High
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible.
CVE-2022-40621 1 Wavlink 2 Wn531g3, Wn531g3 Firmware 2024-11-21 7.5 High
Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack.
CVE-2022-37149 1 Wavlink 2 Wl-wn575a3, Wl-wn575a3 Firmware 2024-11-21 9.8 Critical
WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows attackers to execute arbitrary commands via the username parameter.
CVE-2022-35538 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2024-11-21 9.8 Critical
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml.
CVE-2022-35537 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2024-11-21 9.8 Critical
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml.