Wavlink

Wn533a8 Firmware

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2022-35522

Exploit
  • EPSS 5.2%
  • Veröffentlicht 10.08.2022 20:15:55
  • Zuletzt bearbeitet 21.11.2024 07:11:17

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wan.shtml.

9.8

CVE-2022-35521

Exploit
  • EPSS 5.2%
  • Veröffentlicht 10.08.2022 20:15:55
  • Zuletzt bearbeitet 21.11.2024 07:11:17

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security....

9.8

CVE-2022-35520

Exploit
  • EPSS 5.2%
  • Veröffentlicht 10.08.2022 20:15:55
  • Zuletzt bearbeitet 21.11.2024 07:11:17

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml.

9.8

CVE-2022-35519

Exploit
  • EPSS 5.2%
  • Veröffentlicht 10.08.2022 20:15:54
  • Zuletzt bearbeitet 21.11.2024 07:11:17

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml.

9.8

CVE-2022-35518

Exploit
  • EPSS 3.48%
  • Veröffentlicht 10.08.2022 20:15:54
  • Zuletzt bearbeitet 20.10.2025 18:15:37

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.

8.8

CVE-2022-35517

Exploit
  • EPSS 5.07%
  • Veröffentlicht 10.08.2022 20:15:54
  • Zuletzt bearbeitet 21.11.2024 07:11:16

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection i...

6.1

CVE-2022-34048

Exploit
  • EPSS 4.9%
  • Veröffentlicht 20.07.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 07:08:50

Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter.

7.5

CVE-2022-34046

Exploit
  • EPSS 57.48%
  • Veröffentlicht 20.07.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 07:08:49

An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);].

7.5

CVE-2020-10973

  • EPSS 37.1%
  • Veröffentlicht 07.05.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:29

An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator passw...

7.5

CVE-2020-12266

  • EPSS 0.42%
  • Veröffentlicht 27.04.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 04:59:24

An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other s...