Wavlink: Security Vulnerabilities
A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVSS Score
7.5
EPSS Score
0.617
Published
2022-06-14
A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVSS Score
7.5
EPSS Score
0.382
Published
2022-06-14
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request.
CVSS Score
7.5
EPSS Score
0.584
Published
2022-06-14
A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVSS Score
7.5
EPSS Score
0.007
Published
2022-06-14
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
CVSS Score
6.1
EPSS Score
0.291
Published
2022-05-13
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi.
CVSS Score
9.8
EPSS Score
0.058
Published
2022-04-07
A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When an unauthorized user accesses this page directly, it connects to this device as a friend of the device owner.
CVSS Score
9.8
EPSS Score
0.01
Published
2022-03-17
A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of router.
CVSS Score
7.5
EPSS Score
0.264
Published
2022-03-17
Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.
CVSS Score
9.8
EPSS Score
0.939
Published
2021-02-09
CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work.
CVSS Score
8.1
EPSS Score
0.001
Published
2020-10-02