Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wavlink vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2022-31311
An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows malicious users to execute arbitrary commands via a crafted POST request.
Wavlink Aerial X 1200m Firmware M79x3.v5030.180719
10
CVSSv2
CVE-2020-13117
Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.
Wavlink Wn575a4 Firmware
Wavlink Wn579x3 Firmware
10
CVSSv2
CVE-2020-12125
A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an malicious user to execute arbitrary machine instructions as root without authentication.
Wavlink Wn530h4 Firmware M30h4.v5030.190403
10
CVSSv2
CVE-2020-12124
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an malicious user to execute arbitrary Linux commands as root without authentication.
Wavlink Wn530h4 Firmware M30h4.v5030.190403
2 Github repositories
10
CVSSv2
CVE-2020-15490
An issue exists on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple buffer overflow vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. (The set of affected scripts is similar to CVE-2020-12266.)
Wavlink Wl-wn530hg4 Firmware M30hg4.v5030.191116
10
CVSSv2
CVE-2020-15489
An issue exists on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges.
Wavlink Wl-wn530hg4 Firmware M30hg4.v5030.191116
9.3
CVSSv2
CVE-2020-10971
An issue exists on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active se...
Wavlink Wl-wn575a3 Firmware Rpt75a3.v4300.180801
Wavlink Wl-wn530hg4 Firmware M30hg4.v5030.191116
Wavlink Wl-wn579g3 Firmware M79x3.v5030.180719
1 Github repository
7.8
CVSSv2
CVE-2020-12123
CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an malicious user to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work.
Wavlink Wn530h4 Firmware M30h4.v5030.190403
7.5
CVSSv2
CVE-2022-34592
Wavlink WL-WN575A3 RPT75A3.V4300.201217 exists to contain a command injection vulnerability via the function obtw. This vulnerability allows malicious users to execute arbitrary commands via a crafted POST request.
Wavlink Wl-wn575a3 Firmware Rpt75a3.v4300.201217
7.5
CVSSv2
CVE-2022-23900
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an malicious user to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi.
Wavlink Wl-wn531p3 Firmware M31g3.v5030.201204
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »