Shodan
Vulnerabilities
Vulnerable Software
Wavlink:  Security Vulnerabilities
CVE-2024-38895
WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-06-24
CVE-2024-38896
WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi.
CVSS Score
5.3
EPSS Score
0.078
Published
2024-06-24
CVE-2024-38897
WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-06-24
CVE-2023-38861
An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-08-15
CVE-2023-32612
Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-06-30
CVE-2023-32613
Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in.
CVSS Score
8.1
EPSS Score
0.0
Published
2023-06-30
CVE-2023-32620
Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-06-30
CVE-2023-32621
WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-06-30
CVE-2023-32622
Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-06-30
CVE-2023-3380
A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232236. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
4.7
EPSS Score
0.48
Published
2023-06-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved