Shodan
Vulnerabilities
Vulnerable Software
Wavlink:  Security Vulnerabilities
CVE-2022-35519
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml.
CVSS Score
9.8
EPSS Score
0.052
Published
2022-08-10
CVE-2022-34570
WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-07-25
CVE-2022-34571
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the system key information and execute arbitrary commands via accessing the page syslog.shtml.
CVSS Score
8.0
EPSS Score
0.002
Published
2022-07-25
CVE-2022-34572
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt.
CVSS Score
5.7
EPSS Score
0.001
Published
2022-07-25
CVE-2022-34573
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to arbitrarily configure device settings via accessing the page mb_wifibasic.shtml.
CVSS Score
6.3
EPSS Score
0.001
Published
2022-07-25
CVE-2022-34574
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini.
CVSS Score
5.7
EPSS Score
0.001
Published
2022-07-25
CVE-2022-34575
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml.
CVSS Score
5.7
EPSS Score
0.001
Published
2022-07-25
CVE-2022-34576
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request.
CVSS Score
7.5
EPSS Score
0.334
Published
2022-07-25
CVE-2022-34577
A vulnerability in adm.cgi of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request.
CVSS Score
9.8
EPSS Score
0.022
Published
2022-07-25
CVE-2022-34045
Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh.
CVSS Score
9.8
EPSS Score
0.363
Published
2022-07-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved