Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wavlink wn531g3 firmware - vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-44356
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated malicious users to download configuration data and log files.
Wavlink Wl-wn531g3 Firmware M31g3.v5030.200325
Wavlink Wl-wn531g3 Firmware M31g3.v5030.201204
7.5
CVSSv3
CVE-2020-10972
An issue exists where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4,...
Wavlink Wn530hg4 Firmware M30hg4.v5030.191116
Wavlink Wn531g3 Firmware -
Wavlink Wn572hg3 Firmware -
1 Github repository
7.5
CVSSv3
CVE-2020-10973
An issue exists in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. Th...
Wavlink Wn530hg4 Firmware M30hg4.v5030.191116
Wavlink Wn531g3 Firmware -
Wavlink Wn533a8 Firmware -
Wavlink Wn551k1 Firmware -
8.8
CVSSv3
CVE-2022-40623
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution.
Wavlink Wn531g3 Firmware
7.5
CVSSv3
CVE-2022-40621
Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and previous versions communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network acces...
Wavlink Wn531g3 Firmware
8.8
CVSSv3
CVE-2022-40622
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the l...
Wavlink Wn531g3 Firmware
7.5
CVSSv3
CVE-2021-44260
A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote malicious user to access this page without any authentication. When processed, it exposes some key information of the manager of router.
Wavlink Wl-wn531g3 Firmware A42w-1.27.6-20180418
9.8
CVSSv3
CVE-2021-44259
A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote malicious user to access this page without any authentication. When an unauthorized user accesses this page directly, it connects to this devic...
Wavlink Wl-wn531g3 Firmware A42w-1.27.6-20180418
7.5
CVSSv3
CVE-2020-12266
An issue exists where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be access...
Wavlink Wl-wn579g3 Firmware M79x3.v5030.180719
Wavlink Wl-wn575a3 Firmware Rpt75a3.v4300.180801
Wavlink Wl-wn530hg4 Firmware M30hg4.v5030.191116
Wavlink Wn531g3 Firmware -
Wavlink Wn533a8 Firmware -
Wavlink Wn531a6 Firmware -
Wavlink Wn551k1 Firmware -
Wavlink Wn535g3 Firmware -
Wavlink Wn530h4 Firmware -
Wavlink Wn57x93 Firmware -
Wavlink Wn578a2 Firmware -
Wavlink Wn579g3 Firmware -
Wavlink Wn579x3 Firmware -
Wavlink Jetstream Ac3000 Firmware -
Wavlink Jetstream Erac3000 Firmware -
8.8
CVSSv3
CVE-2020-10971
An issue exists on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active se...
Wavlink Wl-wn575a3 Firmware Rpt75a3.v4300.180801
Wavlink Wl-wn530hg4 Firmware M30hg4.v5030.191116
Wavlink Wl-wn579g3 Firmware M79x3.v5030.180719
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started