VYPR
Vendor

PROLiNK

Products
5
CVEs
9
Across products
9
Status
Private

Products

5

Recent CVEs

9
  • CVE-2021-35402CriFeb 20, 2026
    risk 0.65cvss 10.0epss 0.01

    PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for satellite_status).

  • CVE-2022-46637CriFeb 21, 2023
    risk 0.64cvss 9.8epss 0.02

    Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services.

  • CVE-2021-36707CriAug 6, 2021
    risk 0.64cvss 9.8epss 0.03

    In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system.

  • CVE-2021-36706CriAug 6, 2021
    risk 0.64cvss 9.8epss 0.03

    In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the command parameter is passed directly to system.

  • CVE-2021-36705CriAug 6, 2021
    risk 0.64cvss 9.8epss 0.03

    In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069_local_port parameter is passed directly to system.

  • CVE-2021-36708HigAug 6, 2021
    risk 0.49cvss 7.5epss 0.01

    In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router.

  • CVE-2024-57238HigFeb 3, 2025
    risk 0.47cvss 7.3epss 0.00

    Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the order_by parameter.

  • CVE-2024-57237MedFeb 3, 2025
    risk 0.41cvss 6.3epss 0.00

    Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the /reqproc/proc_get endpoint. The vulnerability arises because the cmd parameter does not properly sanitize input and the response is served with a Content-Type of text/html. This…

  • CVE-2025-56498MedSep 3, 2025
    risk 0.35cvss 5.3epss 0.02

    An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. The ping6.asp page submits user input to the /boaform/formPing6 endpoint via the pingAddr parameter, which is not properly sanitized. An authenticated…