Wavlink WL-WN530HG4 M30HG4.V5030.201217 - Information Disclosure

An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. id: CVE-2022-48166 info: name: Wavlink WL-WN530HG4 M30HG4.V5030.201217 - Information Disclosure author: ritikchaddha...

WAVLINK WN530HG4 - Improper Access Control

WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. It contains a hardcoded encryption/decryption key for its configuration files at /etcro/lighttpd/www/cgi-bin/ExportAllSettings.sh. An attacker can possibly obtain sensitive information, modify data, and/or execute...

CVE-2022-34045

Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etcro/lighttpd/www/cgi-bin/ExportAllSettings.sh...

CVE-2022-34047

An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IPADDRESS/setsafety.shtml?r=52300 and searching for var syspasswd...

CVE-2020-10972

An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page a certain live?.shtml page with the variable syspasswd. Affected Devices: Wavlink WN530HG4, Wavlink...

CVE-2024-10429

A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function setipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to...

CVE-2024-10428

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function setipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The...

CVE-2024-10429

The CVE-2024-10429 entry concerns WAVLINK WN530H4, WN530HG4 and WN572HG3 devices. Affected is the function set_ipv6 in the file internet.cgi, where manipulation of the IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr arguments leads to command injection. The issue enables remote execution and has b...

CVE-2024-10429 WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injection

A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function setipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to...

WAVLINK多款产品 命令注入漏洞

WAVLINK WN530HG4 and others are products of China RuiYin WAVLINK Company.WAVLINK WN530HG4 is a wireless router.WAVLINK WN530H4 is a router.WAVLINK WN572HG3 is a wireless router. A command injection vulnerability exists in several WAVLINK products. The vulnerability stems from the parameter...

WAVLINK多款产品 命令注入漏洞

WAVLINK WN530HG4 and others are products of China RuiYin WAVLINK Company.WAVLINK WN530HG4 is a wireless router.WAVLINK WN530H4 is a router.WAVLINK WN572HG3 is a wireless router. A command injection vulnerability exists in several WAVLINK products. The vulnerability stems from the parameter...

CVE-2024-10194

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Gotochidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer...

CVE-2024-10194 WAVLINK WN530H4/WN530HG4/WN572HG3 Front-End Authentication Page login.cgi Goto_chidx stack-based overflow

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Gotochidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer...

CVE-2024-10194 WAVLINK WN530H4/WN530HG4/WN572HG3 Front-End Authentication Page login.cgi Goto_chidx stack-based overflow

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Gotochidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer...

CVE-2024-10194

CVE-2024-10194 affects WAVLINK WN530H4, WN530HG4 and WN572HG3 (up to 20221028). The issue is in the Front-End Authentication Page, specifically the function Goto_chidx in the file login.cgi . Manipulating the argument wlanUrl causes a stack-based buffer overflow. Exploitation is possible only wit...

CVE-2024-10193

The CVE-2024-10193 issue affects WAVLINK WN530H4, WN530HG4, and WN572HG3 up to 20221028, with a vulnerability in the ping_ddns function of internet.cgi. The DDNS parameter manipulation enables command injection, and the attack may be initiated remotely; exploits have been disclosed publicly. Conn...

WAVLINK WL-WN530H4、WN530HG4和WN572HG3 安全漏洞

WAVLINK WN530HG4 and others are products of RuiYin Technology WAVLINK, China.WAVLINK WN530HG4 is a wireless router.WAVLINK WL-WN530H4 is a router.WAVLINK WN572HG3 is a wireless router. A security vulnerability exists in the WAVLINK WL-WN530H4, WN530HG4, and WN572HG3, which stems from the fact tha...

PT-2024-16107 · Wavlink · Wavlink Wn572Hp3 +1

Name of the Vulnerable Software and Affected Versions: WAVLINK WN530H4, WN530HG4, and WN572HG3 versions up to 20221028 Description: A critical issue affects the Front-End Authentication Page, specifically the function Goto chidx of the file login.cgi. The manipulation of the argument wlanUrl lead...

CVE-2022-48166

An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials...

CVE-2022-48166

An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials...