VYPR

Vendor CVEs

Wavlink

All CVEs

216 total · sorted by risk
  • CVE-2022-48165Feb 3, 2023
    risk 0.07cvss epss 0.03

    An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.

  • CVE-2022-2488Jul 20, 2022
    risk 0.07cvss epss 0.29

    A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the…

  • CVE-2022-2487Jul 20, 2022
    risk 0.07cvss epss 0.80

    A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument start_hour leads to os command injection. The exploit has been disclosed to the…

  • CVE-2022-2486Jul 20, 2022
    risk 0.07cvss epss 0.26

    A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been disclosed to the public…

  • CVE-2020-12124Oct 2, 2020
    risk 0.07cvss epss 0.75

    A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.

  • CVE-2023-3380Jun 23, 2023
    risk 0.06cvss epss 0.04

    A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack…

  • CVE-2022-48166Feb 6, 2023
    risk 0.05cvss epss 0.03

    An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.

  • CVE-2022-44356Nov 29, 2022
    risk 0.04cvss epss 0.03

    WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files.

  • CVE-2022-31847Jun 14, 2022
    risk 0.04cvss epss 0.05

    A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request.

  • CVE-2022-31845Jun 14, 2022
    risk 0.04cvss epss 0.08

    A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.

  • CVE-2024-10429Oct 27, 2024
    risk 0.03cvss epss 0.17

    A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection.…

  • CVE-2022-34576Jul 25, 2022
    risk 0.03cvss epss 0.03

    A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request.

  • CVE-2022-34048Jul 20, 2022
    risk 0.03cvss epss 0.05

    Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter.

  • CVE-2022-34045Jul 20, 2022
    risk 0.03cvss epss 0.02

    Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh.

  • CVE-2021-3186Jan 24, 2021
    risk 0.03cvss epss 0.03

    A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter.

  • CVE-2022-34049Jul 20, 2022
    risk 0.02cvss epss 0.02

    An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data.

  • CVE-2022-31846Jun 14, 2022
    risk 0.02cvss epss 0.07

    A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.

  • CVE-2022-30489May 13, 2022
    risk 0.02cvss epss 0.04

    WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.

  • CVE-2021-44260Mar 17, 2022
    risk 0.02cvss epss 0.08

    A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of router.

  • CVE-2020-10973May 7, 2020
    risk 0.02cvss epss 0.08

    An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is…

  • CVE-2024-48705Sep 2, 2025
    risk 0.01cvss epss 0.04

    Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "set_sys_adm" function of the "adm.cgi" binary, and is due…

  • CVE-2025-50756Jul 14, 2025
    risk 0.01cvss epss 0.02

    Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the newpass parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2025-44881May 20, 2025
    risk 0.01cvss epss 0.03

    A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input.

  • CVE-2025-44882May 20, 2025
    risk 0.01cvss epss 0.03

    A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input.

  • CVE-2025-44880May 20, 2025
    risk 0.01cvss epss 0.03

    A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input.

  • CVE-2025-44868May 2, 2025
    risk 0.01cvss epss 0.03

    Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2024-34166Jan 14, 2025
    risk 0.01cvss epss 0.16

    An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this…

  • CVE-2024-39363Jan 14, 2025
    risk 0.01cvss epss 0.48

    A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request…

  • CVE-2024-39288Jan 14, 2025
    risk 0.01cvss epss 0.13

    A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this…

  • CVE-2024-21797Jan 14, 2025
    risk 0.01cvss epss 0.21

    A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2024-37357Jan 14, 2025
    risk 0.01cvss epss 0.10

    A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2024-36258Jan 14, 2025
    risk 0.01cvss epss 0.12

    A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this…

  • CVE-2024-36295Jan 14, 2025
    risk 0.01cvss epss 0.21

    A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2022-37149Aug 30, 2022
    risk 0.01cvss epss 0.03

    WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows attackers to execute arbitrary commands via the username parameter.

  • CVE-2022-34592Jul 7, 2022
    risk 0.01cvss epss 0.04

    Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request.

  • CVE-2020-12127Oct 2, 2020
    risk 0.01cvss epss 0.06

    An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.

  • CVE-2026-3715Mar 8, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument del_flag results in stack-based buffer overflow. It is possible to initiate the attack remotely. The…

  • CVE-2026-3703Mar 8, 2026
    risk 0.00cvss epss 0.01

    A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may…

  • CVE-2026-3613Mar 6, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub_401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stack-based buffer overflow. It is possible to launch the attack remotely. The…

  • CVE-2026-3612Mar 6, 2026
    risk 0.00cvss epss 0.09

    A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub_405AF4 of the file /cgi-bin/adm.cgi of the component OTA Online Upgrade. This manipulation of the argument firmware_url causes command injection. It is possible to initiate the attack…

  • CVE-2026-2615Feb 17, 2026
    risk 0.00cvss epss 0.10

    A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument del_flag can lead to command injection. The attack may be launched remotely. The…

  • CVE-2026-2567Feb 16, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function sub_401218 of the file /cgi-bin/nas.cgi. Performing a manipulation of the argument User1Passwd results in stack-based buffer overflow. The attack may be initiated remotely. The…

  • CVE-2026-2565Feb 16, 2026
    risk 0.00cvss epss 0.01

    A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time_zone causes stack-based buffer overflow. The attack can be initiated remotely. The attack is…

  • CVE-2026-2529Feb 16, 2026
    risk 0.00cvss epss 0.06

    A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list results in command injection. The attack can be executed remotely. The…

  • CVE-2025-55847Sep 26, 2025
    risk 0.00cvss epss 0.02

    Wavlink M86X3A_V240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit this to execute arbitrary code or cause a…

  • CVE-2025-10961Sep 25, 2025
    risk 0.00cvss epss 0.08

    A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. This affects the function sub_4030C0 of the file /cgi-bin/wireless.cgi of the component Delete_Mac_list Page. Executing manipulation of the argument delete_list can lead to command injection. The vendor was…

  • CVE-2025-10322Sep 12, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in Wavlink WL-WN578W2 221110. The affected element is an unknown function of the file /sysinit.html. The manipulation of the argument newpass/confpass leads to weak password recovery. The attack is possible to be carried out remotely. The exploit…

  • CVE-2025-10321Sep 12, 2025
    risk 0.00cvss epss 0.00

    A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /live_online.shtml. Executing manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been published and may be used. The vendor was…

  • CVE-2025-50757Sep 2, 2025
    risk 0.00cvss epss 0.02

    Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the username parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2025-50755Sep 2, 2025
    risk 0.00cvss epss 0.01

    Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_cmd function via the command parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Page 2 of 5