VYPR

Vendor CVEs

Wavlink

All CVEs

216 total · sorted by risk
  • CVE-2026-4164CriMar 16, 2026
    risk 0.64cvss 9.8epss 0.02

    A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack…

  • CVE-2026-4163CriMar 16, 2026
    risk 0.64cvss 9.8epss 0.02

    A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack…

  • CVE-2025-5408CriJun 1, 2025
    risk 0.64cvss 9.8epss 0.01

    A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410_240222 and classified as critical. Affected by this issue is the function sys_login of the file /cgi-bin/login.cgi of the component HTTP POST Request…

  • CVE-2025-61128CriOct 28, 2025
    risk 0.59cvss 9.1epss 0.01

    Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730, and possibly other wavlink models allows attackers to execute arbitrary code via crafted referrer value POST to login.cgi.

  • CVE-2026-5004HigMar 28, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow. It is possible to…

  • CVE-2026-4861HigMar 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function ftext of the file /cgi-bin/nas.cgi. This manipulation of the argument Content-Length causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has…

  • CVE-2023-30313HigMay 28, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue discovered in Wavlink QUANTUM D2G routers allows attackers to hijack TCP sessions which could lead to a denial of service.

  • CVE-2025-10359HigSep 13, 2025
    risk 0.48cvss 7.3epss 0.06

    A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub_404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and may be…

  • CVE-2025-10358HigSep 13, 2025
    risk 0.48cvss 7.3epss 0.06

    A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub_404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to os command injection. The attack can be initiated remotely. The exploit has been…

  • CVE-2025-10324HigSep 12, 2025
    risk 0.48cvss 7.3epss 0.08

    A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub_401C5C of the file firewall.cgi. This manipulation of the argument pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled causes command injection. It is…

  • CVE-2025-10323HigSep 12, 2025
    risk 0.48cvss 7.3epss 0.08

    A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub_409184 of the file /wizard_rep.shtml. The manipulation of the argument sel_EncrypTyp results in command injection. The attack may be performed from remote. The exploit has been made…

  • CVE-2026-6483HigApr 17, 2026
    risk 0.47cvss 7.2epss 0.14

    A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public…

  • CVE-2026-2566HigFeb 16, 2026
    risk 0.47cvss 7.2epss 0.00

    A security vulnerability has been detected in Wavlink WL-NU516U1 up to 130/260. This affects the function sub_406194 of the file /cgi-bin/adm.cgi. Such manipulation of the argument firmware_url leads to stack-based buffer overflow. The attack can be launched remotely. The…

  • CVE-2026-8230MedMay 10, 2026
    risk 0.41cvss 6.3epss 0.05

    A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function sys_login1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published…

  • CVE-2026-8229MedMay 10, 2026
    risk 0.41cvss 6.3epss 0.05

    A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypType results in os command injection. Remote exploitation of the attack is…

  • CVE-2026-8228MedMay 10, 2026
    risk 0.41cvss 6.3epss 0.05

    A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlan_conf/Channel/skiplist/ieee_80211h leads to os command injection. The attack may be launched remotely.…

  • CVE-2026-8227MedMay 10, 2026
    risk 0.41cvss 6.3epss 0.05

    A weakness has been identified in Wavlink NU516U1 240425. This issue affects the function wzdapMesh of the file /cgi-bin/adm.cgi. This manipulation causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be…

  • CVE-2026-8192MedMay 9, 2026
    risk 0.41cvss 6.3epss 0.05

    A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument EncrypType/wl_Pass is directly passed by the attacker/so we can control the…

  • CVE-2026-8191MedMay 9, 2026
    risk 0.41cvss 6.3epss 0.05

    A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os command injection. The attack can be launched remotely. The exploit is publicly…

  • CVE-2026-8190MedMay 9, 2026
    risk 0.41cvss 6.3epss 0.05

    A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument ppp_username/ppp_passwd/rwan_ip/rwan_mask/rwan_gateway is directly passed by the attacker/so we can control…

  • CVE-2026-8189MedMay 9, 2026
    risk 0.41cvss 6.3epss 0.05

    A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Affected by this vulnerability is the function wzdrepeater of the file /cgi-bin/adm.cgi. The manipulation of the argument wlan_bssid/sel_Automode/sel_EncrypTyp results in os command injection. It is possible to launch…

  • CVE-2026-8188MedMay 9, 2026
    risk 0.41cvss 6.3epss 0.05

    A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Affected is the function change_wifi_password of the file /cgi-bin/adm.cgi. The manipulation of the argument wl_channel/wl_Pass/EncrypType leads to os command injection. It is possible to initiate the attack…

  • CVE-2026-7692MedMay 3, 2026
    risk 0.41cvss 6.3epss 0.03

    A vulnerability was detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. The affected element is the function ping_ddns of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument DDNS results in command injection. The attack can be initiated remotely. The exploit is…

  • CVE-2026-7691MedMay 3, 2026
    risk 0.41cvss 6.3epss 0.03

    A security vulnerability has been detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. Impacted is the function set_sys_cmd of the file /cgi-bin/adm.cgi. Such manipulation of the argument command leads to command injection. It is possible to launch the attack remotely. The…

  • CVE-2026-7690MedMay 3, 2026
    risk 0.41cvss 6.3epss 0.05

    A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410_221110. This issue affects the function set_sys_adm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes command injection. It is possible to initiate the attack remotely. The exploit…

  • CVE-2026-4543MedMar 22, 2026
    risk 0.41cvss 6.3epss 0.03

    A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz_flag/del_flag results in command injection. It is possible…

  • CVE-2026-2530MedFeb 16, 2026
    risk 0.41cvss 6.3epss 0.06

    A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injection. The attack is possible to be carried out remotely. The exploit has been…

  • CVE-2026-2528MedFeb 16, 2026
    risk 0.41cvss 6.3epss 0.06

    A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by this vulnerability is the function Delete_Mac_list of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to command injection. Remote exploitation of the attack is…

  • CVE-2026-2527MedFeb 16, 2026
    risk 0.41cvss 6.3epss 0.06

    A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly…

  • CVE-2026-2526MedFeb 16, 2026
    risk 0.41cvss 6.3epss 0.06

    A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. This impacts the function multi_ssid of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument SSID2G2 results in command injection. The attack may be initiated remotely. The exploit has been made…

  • CVE-2025-10964MedSep 25, 2025
    risk 0.41cvss 6.3epss 0.07

    A weakness has been identified in Wavlink NU516U1. Affected by this vulnerability is the function sub_401B30 of the file /cgi-bin/firewall.cgi. This manipulation of the argument remoteManagementEnabled causes command injection. The attack can be initiated remotely. The exploit…

  • CVE-2025-10963MedSep 25, 2025
    risk 0.41cvss 6.3epss 0.07

    A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. Affected is the function sub_4016F0 of the file /cgi-bin/firewall.cgi. The manipulation of the argument del_flag results in command injection. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2025-10962MedSep 25, 2025
    risk 0.41cvss 6.3epss 0.07

    A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This impacts the function sub_403198 of the file /cgi-bin/wireless.cgi of the component SetName Page. The manipulation of the argument mac_5g leads to command injection. It is possible to initiate the attack…

  • CVE-2025-10960MedSep 25, 2025
    risk 0.41cvss 6.3epss 0.07

    A vulnerability was found in Wavlink NU516U1 M16U1_V240425. The impacted element is the function sub_402D1C of the file /cgi-bin/wireless.cgi of the component DeleteMac Page. Performing manipulation of the argument delete_list results in command injection. The attack is possible…

  • CVE-2025-10959MedSep 25, 2025
    risk 0.41cvss 6.3epss 0.07

    A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. The affected element is the function sub_401778 of the file /cgi-bin/firewall.cgi. Such manipulation of the argument dmz_flag leads to command injection. The attack can be executed remotely. The exploit has been…

  • CVE-2025-10958MedSep 25, 2025
    risk 0.41cvss 6.3epss 0.07

    A flaw has been found in Wavlink NU516U1 M16U1_V240425. Impacted is the function sub_403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument macAddr causes command injection. Remote exploitation of the attack is possible. The…

  • CVE-2025-10325MedSep 12, 2025
    risk 0.41cvss 6.3epss 0.07

    A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub_401340/sub_401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command injection. It is possible to launch the attack remotely. The exploit is publicly…

  • CVE-2025-9149MedAug 19, 2025
    risk 0.41cvss 6.3epss 0.06

    A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. This impacts the function sub_4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guest_ssid causes command injection. The attack is possible to be carried out remotely. The exploit has…

  • CVE-2026-3704MedMar 8, 2026
    risk 0.31cvss 4.7epss 0.04

    A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub_405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. It is possible to initiate the attack…

  • CVE-2026-3662MedMar 7, 2026
    risk 0.31cvss 4.7epss 0.11

    A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usb_p910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Pr_mode leads to command injection. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2026-3661MedMar 7, 2026
    risk 0.31cvss 4.7epss 0.11

    A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function ota_new_upgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be…

  • CVE-2025-10775MedSep 22, 2025
    risk 0.31cvss 4.7epss 0.20

    A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub_4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection. It is possible to launch the attack remotely. The…

  • CVE-2026-6559MedApr 19, 2026
    risk 0.28cvss 4.3epss 0.00

    A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scripting. Remote exploitation of the attack is possible. Upgrading the affected…

  • CVE-2026-4166LowMar 16, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cross site scripting. The attack can be launched remotely. The exploit has been…

  • CVE-2026-4544LowMar 22, 2026
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/login_page can lead to cross site scripting. It is…

  • CVE-2026-3716LowMar 8, 2026
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerability affects the function sub_401AD4 of the file /cgi-bin/adm.cgi. Executing a manipulation of the argument Hostname can lead to cross site scripting. It is possible to launch the attack remotely. The…

  • CVE-2022-34046Jul 20, 2022
    risk 0.08cvss epss 0.17

    An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);].

  • CVE-2022-34047Jul 20, 2022
    risk 0.08cvss epss 0.17

    An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].

  • CVE-2020-13117Feb 9, 2021
    risk 0.08cvss epss 0.69

    Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.

  • CVE-2022-48164Feb 6, 2023
    risk 0.07cvss epss 0.03

    An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.

Page 1 of 5