Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wavlink vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-38861
An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote malicious user to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi.
Wavlink Wl-wn575a3 Firmware R75a3 V1410 220513
9.8
CVSSv3
CVE-2023-3380
A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remote...
Wavlink Wn579x3 Firmware
9.8
CVSSv3
CVE-2022-37149
WAVLINK WL-WN575A3 RPT75A3.V4300.201217 exists to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows malicious users to execute arbitrary commands via the username parameter.
Wavlink Wl-wn575a3 Firmware Rpt75a3.v4300.201217
9.8
CVSSv3
CVE-2022-35518
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.
Wavlink Wn572hp3 Firmware -
Wavlink Wn533a8 Firmware -
Wavlink Wn530h4 Firmware -
Wavlink Wn535g3 Firmware -
Wavlink Wn531p3 Firmware -
9.8
CVSSv3
CVE-2022-35519
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml.
Wavlink Wn572hp3 Firmware -
Wavlink Wn533a8 Firmware -
Wavlink Wn530h4 Firmware -
Wavlink Wn535g3 Firmware -
Wavlink Wn531p3 Firmware -
9.8
CVSSv3
CVE-2022-35520
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml.
Wavlink Wn572hp3 Firmware -
Wavlink Wn533a8 Firmware -
Wavlink Wn530h4 Firmware -
Wavlink Wn535g3 Firmware -
Wavlink Wn531p3 Firmware -
9.8
CVSSv3
CVE-2022-35521
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security.shtml.
Wavlink Wn572hp3 Firmware -
Wavlink Wn533a8 Firmware -
Wavlink Wn530h4 Firmware -
Wavlink Wn535g3 Firmware -
Wavlink Wn531p3 Firmware -
9.8
CVSSv3
CVE-2022-35522
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wan.shtml.
Wavlink Wn572hp3 Firmware -
Wavlink Wn533a8 Firmware -
Wavlink Wn530h4 Firmware -
Wavlink Wn535g3 Firmware -
Wavlink Wn531p3 Firmware -
9.8
CVSSv3
CVE-2022-35523
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml.
Wavlink Wn572hp3 Firmware -
Wavlink Wn533a8 Firmware -
Wavlink Wn530h4 Firmware -
Wavlink Wn535g3 Firmware -
Wavlink Wn531p3 Firmware -
9.8
CVSSv3
CVE-2022-35524
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml.
Wavlink Wn572hp3 Firmware -
Wavlink Wn533a8 Firmware -
Wavlink Wn530h4 Firmware -
Wavlink Wn535g3 Firmware -
Wavlink Wn531p3 Firmware -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »