VYPR

WL-WN575A3

by Wavlink

CVEs (5)

  • CVE-2022-37149Aug 30, 2022
    risk 0.01cvss epss 0.03

    WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows attackers to execute arbitrary commands via the username parameter.

  • CVE-2022-34592Jul 7, 2022
    risk 0.01cvss epss 0.04

    Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request.

  • CVE-2025-25528Feb 11, 2025
    risk 0.00cvss epss 0.04

    Multiple buffer overflow vulnerabilities in Wavlink WL-WN575A3 RPT75A3.V4300, which are caused by not performing strict length checks on user-controlled data. By successfully exploiting the vulnerabilities, attackers can crash the remote devices or execute arbitrary commands…

  • CVE-2023-38861Aug 15, 2023
    risk 0.00cvss epss 0.01

    An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi.

  • CVE-2020-10974May 7, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6,…