VYPR
Vendor

Wavlink

Products
38
CVEs
216
Across products
282
Status
Private

Products

38
View all 38 products →

Recent CVEs

216
View all 216 CVEs →
  • CVE-2026-4164CriMar 16, 2026
    risk 0.64cvss 9.8epss 0.02

    A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack…

  • CVE-2026-4163CriMar 16, 2026
    risk 0.64cvss 9.8epss 0.02

    A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack…

  • CVE-2025-5408CriJun 1, 2025
    risk 0.64cvss 9.8epss 0.01

    A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410_240222 and classified as critical. Affected by this issue is the function sys_login of the file /cgi-bin/login.cgi of the component HTTP POST Request…

  • CVE-2025-61128CriOct 28, 2025
    risk 0.59cvss 9.1epss 0.01

    Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730, and possibly other wavlink models allows attackers to execute arbitrary code via crafted referrer value POST to login.cgi.

  • CVE-2026-5004HigMar 28, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow. It is possible to…

  • CVE-2026-4861HigMar 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function ftext of the file /cgi-bin/nas.cgi. This manipulation of the argument Content-Length causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has…

  • CVE-2023-30313HigMay 28, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue discovered in Wavlink QUANTUM D2G routers allows attackers to hijack TCP sessions which could lead to a denial of service.

  • CVE-2025-10359HigSep 13, 2025
    risk 0.48cvss 7.3epss 0.06

    A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub_404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and may be…

  • CVE-2025-10358HigSep 13, 2025
    risk 0.48cvss 7.3epss 0.06

    A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub_404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to os command injection. The attack can be initiated remotely. The exploit has been…

  • CVE-2025-10324HigSep 12, 2025
    risk 0.48cvss 7.3epss 0.08

    A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub_401C5C of the file firewall.cgi. This manipulation of the argument pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled causes command injection. It is…

  • CVE-2025-10323HigSep 12, 2025
    risk 0.48cvss 7.3epss 0.08

    A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub_409184 of the file /wizard_rep.shtml. The manipulation of the argument sel_EncrypTyp results in command injection. The attack may be performed from remote. The exploit has been made…

  • CVE-2026-6483HigApr 17, 2026
    risk 0.47cvss 7.2epss 0.14

    A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public…

  • CVE-2026-2566HigFeb 16, 2026
    risk 0.47cvss 7.2epss 0.00

    A security vulnerability has been detected in Wavlink WL-NU516U1 up to 130/260. This affects the function sub_406194 of the file /cgi-bin/adm.cgi. Such manipulation of the argument firmware_url leads to stack-based buffer overflow. The attack can be launched remotely. The…

  • CVE-2026-8230MedMay 10, 2026
    risk 0.41cvss 6.3epss 0.05

    A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function sys_login1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published…

  • CVE-2026-8229MedMay 10, 2026
    risk 0.41cvss 6.3epss 0.05

    A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypType results in os command injection. Remote exploitation of the attack is…

  • CVE-2026-8228MedMay 10, 2026
    risk 0.41cvss 6.3epss 0.05

    A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlan_conf/Channel/skiplist/ieee_80211h leads to os command injection. The attack may be launched remotely.…

  • CVE-2026-8227MedMay 10, 2026
    risk 0.41cvss 6.3epss 0.05

    A weakness has been identified in Wavlink NU516U1 240425. This issue affects the function wzdapMesh of the file /cgi-bin/adm.cgi. This manipulation causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be…

  • CVE-2026-8192MedMay 9, 2026
    risk 0.41cvss 6.3epss 0.05

    A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument EncrypType/wl_Pass is directly passed by the attacker/so we can control the…

  • CVE-2026-8191MedMay 9, 2026
    risk 0.41cvss 6.3epss 0.05

    A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os command injection. The attack can be launched remotely. The exploit is publicly…

  • CVE-2026-8190MedMay 9, 2026
    risk 0.41cvss 6.3epss 0.05

    A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument ppp_username/ppp_passwd/rwan_ip/rwan_mask/rwan_gateway is directly passed by the attacker/so we can control…