Wavlink

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-54747 1Wavlink 1Wn531p3 Firmware Oct 3, 2025 Dec 6, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVE-2024-54745 1Wavlink 1Wn701ae Firmware Oct 3, 2025 Dec 6, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVE-2024-10429 1Wavlink 3Wn530h4 Firmware Wn530hg4 FirmwareWn572hg3 Firmware Nov 13, 2024 Oct 27, 2024 8.6 HIGH· v4 7.2 HIGH· v3 8.3 HIGH· v2 A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6...Show more A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-10428 1Wavlink 3Wn530h4 Firmware Wn530hg4 FirmwareWn572hg3 Firmware Nov 13, 2024 Oct 27, 2024 8.6 HIGH· v4 7.2 HIGH· v3 8.3 HIGH· v2 A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpG...Show more A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-10194 1Wavlink 3Wn530h4 Firmware Wn530hg4 FirmwareWn572hg3 Firmware Oct 23, 2024 Oct 20, 2024 8.7 HIGH· v4 8.8 HIGH· v3 8.3 HIGH· v2 A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication...Show more A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-10193 1Wavlink 3Wn530h4 Firmware Wn530hg4 FirmwareWn572hg3 Firmware Oct 23, 2024 Oct 20, 2024 5.1 MEDIUM· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS lea...Show more A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-38897 1Wavlink 1Wn551k1 Firmware Jun 6, 2025 Jun 24, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information.
CVE-2024-38896 1Wavlink 1Wn551k1 Firmware Jun 6, 2025 Jun 24, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi.
CVE-2024-38895 1Wavlink 1Wn551k1 Firmware Jun 6, 2025 Jun 24, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information.
CVE-2024-38894 1Wavlink 1Wn551k1 Firmware Jun 6, 2025 Jun 24, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi.
CVE-2024-38892 1Wavlink 1Wn551k1 Firmware Jun 6, 2025 Jun 24, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component.
CVE-2023-38861 1Wavlink 1Wl Wn575a3 Firmware Nov 21, 2024 Aug 15, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi.
CVE-2023-32622 1Wavlink 1Wl Wn531ax2 Firmware Dec 4, 2024 Jun 30, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege.
CVE-2023-32621 1Wavlink 1Wl Wn531ax2 Firmware Nov 21, 2024 Jun 30, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege.
CVE-2023-32620 1Wavlink 1Wl Wn531ax2 Firmware Nov 21, 2024 Jun 30, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network.
CVE-2023-32613 1Wavlink 1Wl Wn531ax2 Firmware Nov 21, 2024 Jun 30, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in.
CVE-2023-32612 1Wavlink 1Wl Wn531ax2 Firmware Nov 27, 2024 Jun 30, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege.
CVE-2023-3380 1Wavlink 1Wn579x3 Firmware Nov 21, 2024 Jun 23, 2023 N/A· v4 9.8 CRITICAL· v3 5.8 MEDIUM· v2 A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp le...Show more A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232236. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-29708 1Wavlink 1Wavrouter App Dec 6, 2024 Jun 22, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload.
CVE-2022-48166 1Wavlink 1Wl Wn530hg4 Firmware Mar 25, 2025 Feb 6, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.

Previous 1...678...11 Next