Latest Wavlink Vulnerabilities

CVE-2023-38861
An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi.
Wavlink Wl-wn575a3 Firmware=r75a3_v1410_220513
Wavlink WL-WN575A3
CVE-2023-32613
Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login witho...
Wavlink Wl-wn531ax2 Firmware<2023526
Wavlink Wl-wn531ax2
CVE-2023-32622
Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege.
Wavlink Wl-wn531ax2 Firmware<2023526
Wavlink Wl-wn531ax2
CVE-2023-32621
WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege.
Wavlink Wl-wn531ax2 Firmware<2023526
Wavlink Wl-wn531ax2
CVE-2023-32620
Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network.
Wavlink Wl-wn531ax2 Firmware<2023526
Wavlink Wl-wn531ax2
CVE-2023-32612
Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with...
Wavlink Wl-wn531ax2 Firmware<2023526
Wavlink Wl-wn531ax2
CVE-2023-3380
Wavlink WN579X3 Ping Test adm.cgi injection
Wavlink Wn579x3 Firmware<=2023-06-15
Wavlink WN579X3
Wavlink Wn579x3 Firmware<=2023-06-15
Wavlink WN579X3
CVE-2023-29708
An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload.
=rpt70ha1.x
=rpt70ha1.x
CVE-2022-48166
An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
Wavlink Wl-wn530hg4 Firmware=m30hg4.v5030.201217
Wavlink WL-WN530HG4
CVE-2022-48165
Wavlink Wl-wn530h4 Firmware=m30h4.v5030.210121
Wavlink WL-WN530H4
CVE-2022-44356
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data a...
Wavlink Wl-wn531g3 Firmware=m31g3.v5030.200325
Wavlink Wl-wn531g3 Firmware=m31g3.v5030.201204
Wavlink Wl-wn531g3
CVE-2022-40621
Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supp...
Wavlink Wn531g3 Firmware<=m31g3.v5030.200325
Wavlink WN531G3
CVE-2022-40622
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address...
Wavlink Wn531g3 Firmware<=m31g3.v5030.200325
Wavlink WN531G3
CVE-2022-40623
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, un...
Wavlink Wn531g3 Firmware<=m31g3.v5030.200325
Wavlink WN531G3
CVE-2022-37149
WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows attackers to execute arbitrary commands v...
Wavlink Wl-wn575a3 Firmware=rpt75a3.v4300.201217
Wavlink WL-WN575A3
CVE-2022-35538
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in pag...
Wavlink Wn572hp3 Firmware
WAVLINK WN572HP3
Wavlink Wn533a8 Firmware
Wavlink WN533A8
Wavlink Wn530h4 Firmware
Wavlink WN530H4
and 4 more
CVE-2022-35537
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml.
Wavlink Wn572hp3 Firmware
WAVLINK WN572HP3
Wavlink Wn533a8 Firmware
Wavlink WN533A8
Wavlink Wn530h4 Firmware
Wavlink WN530H4
and 4 more
CVE-2022-35536
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml.
Wavlink Wn572hp3 Firmware
WAVLINK WN572HP3
Wavlink Wn533a8 Firmware
Wavlink WN533A8
Wavlink Wn530h4 Firmware
Wavlink WN530H4
and 4 more
CVE-2022-35535
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml.
Wavlink Wn572hp3 Firmware
WAVLINK WN572HP3
Wavlink Wn533a8 Firmware
Wavlink WN533A8
Wavlink Wn530h4 Firmware
Wavlink WN530H4
and 4 more
CVE-2022-35534
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml.
Wavlink Wn572hp3 Firmware
WAVLINK WN572HP3
Wavlink Wn533a8 Firmware
Wavlink WN533A8
Wavlink Wn530h4 Firmware
Wavlink WN530H4
and 4 more
CVE-2022-35526
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml.
Wavlink Wn572hp3 Firmware
WAVLINK WN572HP3
Wavlink Wn533a8 Firmware
Wavlink WN533A8
Wavlink Wn530h4 Firmware
Wavlink WN530H4
and 4 more
CVE-2022-35524
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads...
Wavlink Wn572hp3 Firmware
WAVLINK WN572HP3
Wavlink Wn533a8 Firmware
Wavlink WN533A8
Wavlink Wn530h4 Firmware
Wavlink WN530H4
and 4 more
CVE-2022-35533
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml.
Wavlink Wn572hp3 Firmware
WAVLINK WN572HP3
Wavlink Wn533a8 Firmware
Wavlink WN533A8
Wavlink Wn530h4 Firmware
Wavlink WN530H4
and 4 more
CVE-2022-35525
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml.
Wavlink Wn572hp3 Firmware
WAVLINK WN572HP3
Wavlink Wn533a8 Firmware
Wavlink WN533A8
Wavlink Wn530h4 Firmware
Wavlink WN530H4
and 4 more
CVE-2022-35522
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wa...
Wavlink Wn572hp3 Firmware
WAVLINK WN572HP3
Wavlink Wn533a8 Firmware
Wavlink WN533A8
Wavlink Wn530h4 Firmware
Wavlink WN530H4
and 4 more
CVE-2022-35523
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml.
Wavlink Wn572hp3 Firmware
WAVLINK WN572HP3
Wavlink Wn533a8 Firmware
Wavlink WN533A8
Wavlink Wn530h4 Firmware
Wavlink WN530H4
and 4 more
CVE-2022-35521
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which...
Wavlink Wn572hp3 Firmware
WAVLINK WN572HP3
Wavlink Wn533a8 Firmware
Wavlink WN533A8
Wavlink Wn530h4 Firmware
Wavlink WN530H4
and 4 more
CVE-2022-35520
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads...
Wavlink Wn572hp3 Firmware
WAVLINK WN572HP3
Wavlink Wn533a8 Firmware
Wavlink WN533A8
Wavlink Wn530h4 Firmware
Wavlink WN530H4
and 4 more
CVE-2022-35518
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.
Wavlink Wn572hp3 Firmware
WAVLINK WN572HP3
Wavlink Wn533a8 Firmware
Wavlink WN533A8
Wavlink Wn530h4 Firmware
Wavlink WN530H4
and 4 more
CVE-2022-35517
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd ...
Wavlink Wn572hp3 Firmware
WAVLINK WN572HP3
Wavlink Wn533a8 Firmware
Wavlink WN533A8
Wavlink Wn530h4 Firmware
Wavlink WN530H4
and 4 more
CVE-2022-35519
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml.
Wavlink Wn572hp3 Firmware
WAVLINK WN572HP3
Wavlink Wn533a8 Firmware
Wavlink WN533A8
Wavlink Wn530h4 Firmware
Wavlink WN530H4
and 4 more
CVE-2022-34571
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the system key information and execute arbitrary commands via accessing the page syslog.shtm...
Wavlink Wifi-repeater Firmware=rpta2-77w.m4300.01.gd.2017sep19
CVE-2022-34573
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to arbitrarily configure device settings via accessing the page mb_wifibasic.shtml.
Wavlink Wifi-repeater Firmware=rpta2-77w.m4300.01.gd.2017sep19
CVE-2022-34576
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request.
Wavlink Wn535g3 Firmware=m35g3r.v5030.180927
Wavlink WN535G3
CVE-2022-34575
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml.
Wavlink Wifi-repeater Firmware=rpta2-77w.m4300.01.gd.2017sep19
CVE-2022-34570
WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page.
Wavlink Wl-wn579x3 Firmware=m79x3.v5030.191012
Wavlink Wl-wn579x3
CVE-2022-34572
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt.
Wavlink Wifi-repeater Firmware=rpta2-77w.m4300.01.gd.2017sep19
CVE-2022-34574
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini.
Wavlink Wifi-repeater Firmware=rpta2-77w.m4300.01.gd.2017sep19
CVE-2022-34049
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data.
Wavlink Wl-wn530hg4 Firmware=m30hg4.v5030.191116
Wavlink WL-WN530HG4
CVE-2022-34045
Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh.
Wavlink Wl-wn530hg4 Firmware=m30hg4.v5030.191116
Wavlink WL-WN530HG4
CVE-2022-34048
Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter.
Wavlink Wn533a8 Firmware=m33a8.v5030.190716
Wavlink WN533A8
CVE-2022-34046
An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(u...
Wavlink Wn533a8 Firmware=m33a8.v5030.190716
Wavlink WN533A8
CVE-2022-34047
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var sys...
Wavlink Wl-wn530hg4 Firmware=m30hg4.v5030.191116
Wavlink WL-WN530HG4
CVE-2022-2487
A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument st...
Wavlink Wl-wn535k2 Firmware
Wavlink Wl-wn535k2
Wavlink Wl-wn535k3 Firmware
Wavlink Wl-wn535k3
CVE-2022-2486
A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument k...
Wavlink Wl-wn535k2 Firmware
Wavlink Wl-wn535k2
Wavlink Wl-wn535k3 Firmware
Wavlink Wl-wn535k3
CVE-2022-2488
A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argumen...
Wavlink Wl-wn535k2 Firmware
Wavlink Wl-wn535k2
Wavlink Wl-wn535k3 Firmware
Wavlink Wl-wn535k3
CVE-2022-34592
Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a craft...
Wavlink Wl-wn575a3 Firmware=rpt75a3.v4300.201217
Wavlink WL-WN575A3
CVE-2022-31845
A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.
Wavlink Wn535g3 Firmware=m35g3r.v5030.180927
Wavlink WN535G3
CVE-2022-31309
A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function.
Wavlink Aerial X 1200m Firmware=m79x3.v5030.180719
WAVLINK AERIAL X 1200M
CVE-2022-31311
An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request.
Wavlink Aerial X 1200m Firmware=m79x3.v5030.180719
WAVLINK AERIAL X 1200M

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203