VYPR

QUANTUM D3G

by Wavlink

CVEs (5)

  • CVE-2025-5408CriJun 1, 2025
    risk 0.64cvss 9.8epss 0.01

    A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410_240222 and classified as critical. Affected by this issue is the function sys_login of the file /cgi-bin/login.cgi of the component HTTP POST Request…

  • CVE-2022-40623HigSep 13, 2022
    risk 0.57cvss 8.8epss 0.01

    The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution.

  • CVE-2022-40622HigSep 13, 2022
    risk 0.57cvss 8.8epss 0.01

    The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the…

  • CVE-2022-44356HigNov 29, 2022
    risk 0.49cvss 7.5epss 0.03

    WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files.

  • CVE-2022-40621HigSep 13, 2022
    risk 0.49cvss 7.5epss 0.01

    Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to…