VYPR

WN531P3

by Wavlink

CVEs (3)

  • CVE-2024-54747CriDec 6, 2024
    risk 0.64cvss 9.8epss 0.01

    WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

  • CVE-2022-35520CriAug 10, 2022
    risk 0.64cvss 9.8epss 0.02

    WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml.

  • CVE-2022-23900CriApr 7, 2022
    risk 0.64cvss 9.8epss 0.04

    A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi.