← Back

Wavlink

wavlink

203 CVEs • 76 products

Products (76)

Click to collapse
Toggle
Wl Wn533a8 Firmware
wl-wn533a8_firmware
63 CVEs
Wl Nu516u1 Firmware
wl-nu516u1_firmware
28 CVEs
Wn530h4 Firmware
wn530h4_firmware
27 CVEs
Wn535g3 Firmware
wn535g3_firmware
23 CVEs
Wn533a8 Firmware
wn533a8_firmware
20 CVEs
Wn531p3 Firmware
wn531p3_firmware
17 CVEs
Wn572hp3 Firmware
wn572hp3_firmware
16 CVEs
Wl Wn578w2 Firmware
wl-wn578w2_firmware
9 CVEs
Wl Wn530hg4 Firmware
wl-wn530hg4_firmware
8 CVEs
Wl Wn579a3 Firmware
wl-wn579a3_firmware
8 CVEs
Wl Wn575a3 Firmware
wl-wn575a3_firmware
7 CVEs
Wn551k1 Firmware
wn551k1_firmware
7 CVEs
Wn531g3 Firmware
wn531g3_firmware
6 CVEs
Wn530hg4 Firmware
wn530hg4_firmware
6 CVEs
Wn572hg3 Firmware
wn572hg3_firmware
6 CVEs
Wn579x3 Firmware
wn579x3_firmware
5 CVEs
Wl Wn535k3 Firmware
wl-wn535k3_firmware
5 CVEs
Wifi Repeater Firmware
wifi-repeater_firmware
5 CVEs
Wl Wn531ax2 Firmware
wl-wn531ax2_firmware
5 CVEs
Wl Wn579g3 Firmware
wl-wn579g3_firmware
3 CVEs
Wl Wn531g3 Firmware
wl-wn531g3_firmware
3 CVEs
Aerial X 1200m Firmware
aerial_x_1200m_firmware
3 CVEs
Wl Wn535k2 Firmware
wl-wn535k2_firmware
3 CVEs
Wl Wn579x3 C Firmware
wl-wn579x3-c_firmware
3 CVEs
Wl Wn570ha1 Firmware
wl-wn570ha1_firmware
3 CVEs
Wn531a6 Firmware
wn531a6_firmware
2 CVEs
Wn57x93 Firmware
wn57x93_firmware
2 CVEs
Wn578a2 Firmware
wn578a2_firmware
2 CVEs
Wn579g3 Firmware
wn579g3_firmware
2 CVEs
Jetstream Ac3000 Firmware
jetstream_ac3000_firmware
2 CVEs
Jetstream Erac3000 Firmware
jetstream_erac3000_firmware
2 CVEs
Wn575a4 Firmware
wn575a4_firmware
2 CVEs
Wl Wn531p3 Firmware
wl-wn531p3_firmware
2 CVEs
Wl Wn530h4 Firmware
wl-wn530h4_firmware
2 CVEs
Wl Wn579x3 Firmware
wl-wn579x3_firmware
1 CVE
Wavrouter App
wavrouter_app
1 CVE
Wn701ae Firmware
wn701ae_firmware
1 CVE
Wn535k3 Firmware
wn535k3_firmware
1 CVE
Wl Wn586x3a Firmware
wl-wn586x3a_firmware
1 CVE
Wl Wn579g3
wl-wn579g3
0 CVEs
Wl Wn575a3
wl-wn575a3
0 CVEs
Wl Wn530hg4
wl-wn530hg4
0 CVEs
Wn531g3
wn531g3
0 CVEs
Wn533a8
wn533a8
0 CVEs
Wn531a6
wn531a6
0 CVEs
Wn551k1
wn551k1
0 CVEs
Wn535g3
wn535g3
0 CVEs
Wn530h4
wn530h4
0 CVEs
Wn57x93
wn57x93
0 CVEs
Wn578a2
wn578a2
0 CVEs
Wn579g3
wn579g3
0 CVEs
Wn579x3
wn579x3
0 CVEs
Jetstream Ac3000
jetstream_ac3000
0 CVEs
Jetstream Erac3000
jetstream_erac3000
0 CVEs
Wn530hg4
wn530hg4
0 CVEs
Wn572hg3
wn572hg3
0 CVEs
Wn575a4
wn575a4
0 CVEs
Wl Wn531g3
wl-wn531g3
0 CVEs
Wl Wn531p3
wl-wn531p3
0 CVEs
Aerial X 1200m
aerial_x_1200m
0 CVEs
Wl Wn535k2
wl-wn535k2
0 CVEs
Wl Wn535k3
wl-wn535k3
0 CVEs
Wl Wn579x3
wl-wn579x3
0 CVEs
Wn572hp3
wn572hp3
0 CVEs
Wn531p3
wn531p3
0 CVEs
Wl Wn530h4
wl-wn530h4
0 CVEs
Wl Wn533a8
wl-wn533a8
0 CVEs
Wl Wn531ax2
wl-wn531ax2
0 CVEs
Wn701ae
wn701ae
0 CVEs
Wl Wn579a3
wl-wn579a3
0 CVEs
Wn535k3
wn535k3
0 CVEs
Wl Nu516u1
wl-nu516u1
0 CVEs
Wl Wn578w2
wl-wn578w2
0 CVEs
Wl Wn586x3a
wl-wn586x3a
0 CVEs
Wl Wn579x3 C
wl-wn579x3-c
0 CVEs
Wl Wn570ha1
wl-wn570ha1
0 CVEs

CVEs (203)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-48164
1Wavlink
1Wl Wn533a8 Firmware
Mar 26, 2025
Feb 6, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
CVE-2022-48165
1Wavlink
1Wl Wn530h4 Firmware
Nov 21, 2024
Feb 3, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
CVE-2022-44356
1Wavlink
1Wl Wn531g3 Firmware
Apr 25, 2025
Nov 29, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files.
CVE-2022-40623
1Wavlink
1Wn531g3 Firmware
Nov 21, 2024
Sep 13, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated comman...Show more
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution.Show less
CVE-2022-40622
1Wavlink
1Wn531g3 Firmware
Nov 21, 2024
Sep 13, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged...Show more
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible.Show less
CVE-2022-40621
1Wavlink
1Wn531g3 Firmware
Nov 21, 2024
Sep 13, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is poss...Show more
Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack.Show less
CVE-2022-37149
1Wavlink
1Wl Wn575a3 Firmware
Nov 21, 2024
Aug 30, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows attackers to execute arbitrary commands via the username para...Show more
WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows attackers to execute arbitrary commands via the username parameter.Show less
CVE-2022-35538
1Wavlink
5Wn530h4 Firmware
Wn531p3 FirmwareWn533a8 Firmware+2 more
Nov 21, 2024
Aug 10, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml.
CVE-2022-35537
1Wavlink
5Wn530h4 Firmware
Wn531p3 FirmwareWn533a8 Firmware+2 more
Nov 21, 2024
Aug 10, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml.
CVE-2022-35536
1Wavlink
5Wn530h4 Firmware
Wn531p3 FirmwareWn533a8 Firmware+2 more
Nov 21, 2024
Aug 10, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml.
CVE-2022-35535
1Wavlink
5Wn530h4 Firmware
Wn531p3 FirmwareWn533a8 Firmware+2 more
Nov 21, 2024
Aug 10, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml.
CVE-2022-35534
1Wavlink
5Wn530h4 Firmware
Wn531p3 FirmwareWn533a8 Firmware+2 more
Nov 21, 2024
Aug 10, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml.
CVE-2022-35533
1Wavlink
5Wn530h4 Firmware
Wn531p3 FirmwareWn533a8 Firmware+2 more
Nov 21, 2024
Aug 10, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml.
CVE-2022-35526
1Wavlink
5Wn530h4 Firmware
Wn531p3 FirmwareWn533a8 Firmware+2 more
Nov 21, 2024
Aug 10, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml.
CVE-2022-35525
1Wavlink
5Wn530h4 Firmware
Wn531p3 FirmwareWn533a8 Firmware+2 more
Nov 21, 2024
Aug 10, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml.
CVE-2022-35524
1Wavlink
5Wn530h4 Firmware
Wn531p3 FirmwareWn533a8 Firmware+2 more
Nov 21, 2024
Aug 10, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injectio...Show more
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml.Show less
CVE-2022-35523
1Wavlink
5Wn530h4 Firmware
Wn531p3 FirmwareWn533a8 Firmware+2 more
Nov 21, 2024
Aug 10, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml.
CVE-2022-35522
1Wavlink
5Wn530h4 Firmware
Wn531p3 FirmwareWn533a8 Firmware+2 more
Nov 21, 2024
Aug 10, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wan.shtml.
CVE-2022-35521
1Wavlink
5Wn530h4 Firmware
Wn531p3 FirmwareWn533a8 Firmware+2 more
Nov 21, 2024
Aug 10, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command in...Show more
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security.shtml.Show less
CVE-2022-35520
1Wavlink
5Wn530h4 Firmware
Wn531p3 FirmwareWn533a8 Firmware+2 more
Nov 21, 2024
Aug 10, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injectio...Show more
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml.Show less