VYPR

WL-WN530H4

by Wavlink

Source repositories

CVEs (28)

  • CVE-2022-35517HigAug 10, 2022
    risk 0.57cvss 8.8epss 0.02

    WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page…

  • CVE-2020-12123HigOct 2, 2020
    risk 0.53cvss 8.1epss 0.00

    CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work.

  • CVE-2022-48165HigFeb 3, 2023
    risk 0.49cvss 7.5epss 0.03

    An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.

  • CVE-2020-12127HigOct 2, 2020
    risk 0.49cvss 7.5epss 0.07

    An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.

  • CVE-2024-10429HigOct 27, 2024
    risk 0.48cvss 7.2epss 0.17

    A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection.…

  • CVE-2024-10428HigOct 27, 2024
    risk 0.48cvss 7.2epss 0.14

    A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be…

  • CVE-2026-6483HigApr 17, 2026
    risk 0.47cvss 7.2epss 0.14

    A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public…

  • CVE-2024-10193MedOct 20, 2024
    risk 0.32cvss 4.7epss 0.15

    A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated…

Page 2 of 2