WL-WN530H4
by Wavlink
Source repositories
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-61128 | Cri | 0.59 | 9.1 | 0.00 | Oct 28, 2025 | Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730, and possibly other wavlink models allows attackers to execute arbitrary code via crafted referrer value POST to login.cgi. | ||
| CVE-2026-6483 | Hig | 0.47 | 7.2 | 0.00 | Apr 17, 2026 | A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public… | ||
| CVE-2022-48165 | 0.07 | — | 0.81 | Feb 3, 2023 | An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | |||
| CVE-2020-12124 | 0.07 | — | 0.92 | Oct 2, 2020 | A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication. | |||
| CVE-2024-10429 | 0.03 | — | 0.33 | Oct 27, 2024 | A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection.… | |||
| CVE-2025-44868 | 0.01 | — | 0.10 | May 2, 2025 | Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||
| CVE-2020-12127 | 0.01 | — | 0.18 | Oct 2, 2020 | An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. | |||
| CVE-2024-10428 | 0.00 | — | 0.01 | Oct 27, 2024 | A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be… | |||
| CVE-2024-10194 | 0.00 | — | 0.00 | Oct 20, 2024 | A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to… | |||
| CVE-2024-10193 | 0.00 | — | 0.01 | Oct 20, 2024 | A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated… | |||
| CVE-2022-35518 | 0.00 | — | 0.04 | Aug 9, 2022 | WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml. | |||
| CVE-2020-12126 | 0.00 | — | 0.01 | Oct 2, 2020 | Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint. | |||
| CVE-2020-12125 | 0.00 | — | 0.06 | Oct 2, 2020 | A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication. | |||
| CVE-2020-12123 | 0.00 | — | 0.00 | Oct 2, 2020 | CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work. |
- risk 0.59cvss 9.1epss 0.00
Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730, and possibly other wavlink models allows attackers to execute arbitrary code via crafted referrer value POST to login.cgi.
- risk 0.47cvss 7.2epss 0.00
A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public…
- CVE-2022-48165Feb 3, 2023risk 0.07cvss —epss 0.81
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
- CVE-2020-12124Oct 2, 2020risk 0.07cvss —epss 0.92
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.
- CVE-2024-10429Oct 27, 2024risk 0.03cvss —epss 0.33
A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection.…
- CVE-2025-44868May 2, 2025risk 0.01cvss —epss 0.10
Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
- CVE-2020-12127Oct 2, 2020risk 0.01cvss —epss 0.18
An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.
- CVE-2024-10428Oct 27, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be…
- CVE-2024-10194Oct 20, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to…
- CVE-2024-10193Oct 20, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated…
- CVE-2022-35518Aug 9, 2022risk 0.00cvss —epss 0.04
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.
- CVE-2020-12126Oct 2, 2020risk 0.00cvss —epss 0.01
Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint.
- CVE-2020-12125Oct 2, 2020risk 0.00cvss —epss 0.06
A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication.
- CVE-2020-12123Oct 2, 2020risk 0.00cvss —epss 0.00
CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work.