Wavlink: Security Vulnerabilities
A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used.
CVSS Score
8.0
EPSS Score
0.94
Published
2022-07-20
Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request.
CVSS Score
9.8
EPSS Score
0.185
Published
2022-07-07
A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-06-14
An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request.
CVSS Score
9.8
EPSS Score
0.026
Published
2022-06-14
A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVSS Score
7.5
EPSS Score
0.617
Published
2022-06-14
A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVSS Score
7.5
EPSS Score
0.382
Published
2022-06-14
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request.
CVSS Score
7.5
EPSS Score
0.298
Published
2022-06-14
A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVSS Score
7.5
EPSS Score
0.006
Published
2022-06-14
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
CVSS Score
6.1
EPSS Score
0.163
Published
2022-05-13
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi.
CVSS Score
9.8
EPSS Score
0.058
Published
2022-04-07