Wn530h4 Firmware

wn530h4_firmware

Vendor: Wavlink • 27 CVEs

CVEs (27)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-10429 1Wavlink 3Wn530h4 Firmware Wn530hg4 FirmwareWn572hg3 Firmware Nov 13, 2024 Oct 27, 2024 8.6 HIGH· v4 7.2 HIGH· v3 8.3 HIGH· v2 A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6...Show more A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-10428 1Wavlink 3Wn530h4 Firmware Wn530hg4 FirmwareWn572hg3 Firmware Nov 13, 2024 Oct 27, 2024 8.6 HIGH· v4 7.2 HIGH· v3 8.3 HIGH· v2 A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpG...Show more A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-10194 1Wavlink 3Wn530h4 Firmware Wn530hg4 FirmwareWn572hg3 Firmware Oct 23, 2024 Oct 20, 2024 8.7 HIGH· v4 8.8 HIGH· v3 8.3 HIGH· v2 A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication...Show more A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-10193 1Wavlink 3Wn530h4 Firmware Wn530hg4 FirmwareWn572hg3 Firmware Oct 23, 2024 Oct 20, 2024 5.1 MEDIUM· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS lea...Show more A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2022-35538 1Wavlink 5Wn530h4 Firmware Wn531p3 FirmwareWn533a8 Firmware+2 more Nov 21, 2024 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml.
CVE-2022-35537 1Wavlink 5Wn530h4 Firmware Wn531p3 FirmwareWn533a8 Firmware+2 more Nov 21, 2024 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml.
CVE-2022-35536 1Wavlink 5Wn530h4 Firmware Wn531p3 FirmwareWn533a8 Firmware+2 more Nov 21, 2024 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml.
CVE-2022-35535 1Wavlink 5Wn530h4 Firmware Wn531p3 FirmwareWn533a8 Firmware+2 more Nov 21, 2024 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml.
CVE-2022-35534 1Wavlink 5Wn530h4 Firmware Wn531p3 FirmwareWn533a8 Firmware+2 more Nov 21, 2024 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml.
CVE-2022-35533 1Wavlink 5Wn530h4 Firmware Wn531p3 FirmwareWn533a8 Firmware+2 more Nov 21, 2024 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml.
CVE-2022-35526 1Wavlink 5Wn530h4 Firmware Wn531p3 FirmwareWn533a8 Firmware+2 more Nov 21, 2024 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml.
CVE-2022-35525 1Wavlink 5Wn530h4 Firmware Wn531p3 FirmwareWn533a8 Firmware+2 more Nov 21, 2024 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml.
CVE-2022-35524 1Wavlink 5Wn530h4 Firmware Wn531p3 FirmwareWn533a8 Firmware+2 more Nov 21, 2024 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injectio...Show more WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml.Show less
CVE-2022-35523 1Wavlink 5Wn530h4 Firmware Wn531p3 FirmwareWn533a8 Firmware+2 more Nov 21, 2024 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml.
CVE-2022-35522 1Wavlink 5Wn530h4 Firmware Wn531p3 FirmwareWn533a8 Firmware+2 more Nov 21, 2024 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wan.shtml.
CVE-2022-35521 1Wavlink 5Wn530h4 Firmware Wn531p3 FirmwareWn533a8 Firmware+2 more Nov 21, 2024 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command in...Show more WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security.shtml.Show less
CVE-2022-35520 1Wavlink 5Wn530h4 Firmware Wn531p3 FirmwareWn533a8 Firmware+2 more Nov 21, 2024 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injectio...Show more WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml.Show less
CVE-2022-35519 1Wavlink 5Wn530h4 Firmware Wn531p3 FirmwareWn533a8 Firmware+2 more Nov 21, 2024 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml.
CVE-2022-35518 1Wavlink 5Wn530h4 Firmware Wn531p3 FirmwareWn533a8 Firmware+2 more Oct 20, 2025 Aug 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.
CVE-2022-35517 1Wavlink 5Wn530h4 Firmware Wn531p3 FirmwareWn533a8 Firmware+2 more Nov 21, 2024 Aug 10, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, whic...Show more WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml.Show less

12 Next