Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wavlink vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2020-13117
Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.
Wavlink Wn575a4 Firmware
Wavlink Wn579x3 Firmware
NA
CVE-2022-2486
A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been disclosed to the public a...
Wavlink Wl-wn535k2 Firmware -
Wavlink Wl-wn535k3 Firmware -
NA
CVE-2022-2487
A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument start_hour leads to os command injection. The exploit has been disclosed to the pu...
Wavlink Wl-wn535k2 Firmware -
Wavlink Wl-wn535k3 Firmware -
NA
CVE-2022-2488
A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public...
Wavlink Wl-wn535k2 Firmware -
Wavlink Wl-wn535k3 Firmware -
9.3
CVSSv2
CVE-2020-10971
An issue exists on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active se...
Wavlink Wl-wn575a3 Firmware Rpt75a3.v4300.180801
Wavlink Wl-wn530hg4 Firmware M30hg4.v5030.191116
Wavlink Wl-wn579g3 Firmware M79x3.v5030.180719
1 Github repository
NA
CVE-2022-44356
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated malicious users to download configuration data and log files.
Wavlink Wl-wn531g3 Firmware M31g3.v5030.200325
Wavlink Wl-wn531g3 Firmware M31g3.v5030.201204
NA
CVE-2023-3380
A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remote...
Wavlink Wn579x3 Firmware
4.3
CVSSv2
CVE-2022-30489
WAVLINK WN535 G3 exists to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
Wavlink Wn535g3 Firmware -
1 Github repository
NA
CVE-2022-40621
Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and previous versions communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network acces...
Wavlink Wn531g3 Firmware
NA
CVE-2022-40622
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the l...
Wavlink Wn531g3 Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »