VYPR

WN530HG4

by Wavlink

CVEs (14)

  • CVE-2022-34045CriJul 20, 2022
    risk 0.64cvss 9.8epss 0.02

    Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh.

  • CVE-2020-15490CriJul 1, 2020
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple buffer overflow vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. (The set of affected scripts is similar to CVE-2020-12266.)

  • CVE-2020-15489CriJul 1, 2020
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges.

  • CVE-2024-10194HigOct 20, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to…

  • CVE-2020-10971HigMay 7, 2020
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the…

  • CVE-2022-34047HigJul 20, 2022
    risk 0.53cvss 7.5epss 0.17

    An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].

  • CVE-2022-48166HigFeb 6, 2023
    risk 0.49cvss 7.5epss 0.03

    An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.

  • CVE-2020-10973HigMay 7, 2020
    risk 0.49cvss 7.5epss 0.08

    An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is…

  • CVE-2020-10972HigMay 7, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink…

  • CVE-2020-12266HigApr 27, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can…

  • CVE-2024-10429HigOct 27, 2024
    risk 0.48cvss 7.2epss 0.17

    A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection.…

  • CVE-2024-10428HigOct 27, 2024
    risk 0.48cvss 7.2epss 0.14

    A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be…

  • CVE-2022-34049MedJul 20, 2022
    risk 0.35cvss 5.3epss 0.02

    An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data.

  • CVE-2024-10193MedOct 20, 2024
    risk 0.32cvss 4.7epss 0.15

    A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated…