Wl Wn530hg4 Firmware

wl-wn530hg4_firmware

Vendor: Wavlink • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-48166 1Wavlink 1Wl Wn530hg4 Firmware Mar 25, 2025 Feb 6, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
CVE-2022-34049 1Wavlink 1Wl Wn530hg4 Firmware Nov 21, 2024 Jul 20, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data.
CVE-2022-34047 1Wavlink 1Wl Wn530hg4 Firmware Nov 21, 2024 Jul 20, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].
CVE-2022-34045 1Wavlink 1Wl Wn530hg4 Firmware Nov 21, 2024 Jul 20, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh.
CVE-2020-15490 1Wavlink 1Wl Wn530hg4 Firmware Nov 21, 2024 Jul 1, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple buffer overflow vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. (The set of affected scrip...Show more An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple buffer overflow vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. (The set of affected scripts is similar to CVE-2020-12266.)Show less
CVE-2020-15489 1Wavlink 1Wl Wn530hg4 Firmware Nov 21, 2024 Jul 1, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges.
CVE-2020-10971 1Wavlink 3Wl Wn530hg4 Firmware Wl Wn575a3 FirmwareWl Wn579g3 Firmware Nov 21, 2024 May 7, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST...Show more An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session. Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3,Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000Show less
CVE-2020-12266 1Wavlink 15Jetstream Ac3000 Firmware Jetstream Erac3000 FirmwareWl Wn530hg4 Firmware+12 more Nov 21, 2024 Apr 27, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to...Show more An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed externally without any authentication. All the pages follow the naming convention live_(string).shtml. Among the information disclosed is: interface status logs, IP address of the device, MAC address of the device, model and current firmware version, location, all running processes, all interfaces and their statuses, all current DHCP leases and the associated hostnames, all other wireless networks in range of the router, memory statistics, and components of the configuration of the device such as enabled features. Affected devices: Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3,Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000Show less