CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/22 3:48 p.m.•4 views

CVE-2020-10972

An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page a certain live?.shtml page with the variable syspasswd. Affected Devices: Wavlink WN530HG4, Wavlink...

7.5CVSS7.4AI score0.00305EPSS

Exploits0References1

NVD•added 2022/11/29 5:15 p.m.•28 views

CVE-2022-44356

7.5CVSS0.47061EPSS

OSV•added 2022/11/29 5:15 p.m.•0 views

CVE-2022-44356

7.5CVSS5.8AI score

Exploits0References1

CNNVD•added 2022/11/29 12:0 a.m.•18 views

WAVLINK WN531G3 安全漏洞

The WAVLINK WN531G3 is a wireless router from China's RuiYin Technology WAVLINK. The WAVLINK WN531G3 M31G3.V5030.201204 version and M31G3.V5030.200325 version contain an access control error vulnerability that can be exploited by an attacker to download configuration data and log files...

7.5CVSS6.8AI score0.47061EPSS

CVE•added 2022/11/29 12:0 a.m.•57 views

CVE-2022-44356

WAVLINK Quantum D4G WL-WN531G3 firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 have an access control issue that enables unauthenticated attackers to download configuration data and log files. The NUCLEI template confirms this is an information-disclosure vulnerability caused by impro...

7.5CVSS7.5AI score0.47061EPSS

NVD•added 2022/09/13 9:15 p.m.•13 views

CVE-2022-40623

The WAVLINK Quantum D4G WN531G3 running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues such as CVE-2022-35518, can lead to remote, unauthenticated command execution...

8.8CVSS0.00294EPSS

Prion•added 2022/09/13 9:15 p.m.•10 views

Cross site request forgery (csrf)

6.8CVSS9.5AI score0.03867EPSS

Exploits2References1Affected Software1

CVE•added 2022/09/13 8:35 p.m.•54 views

CVE-2022-40623

CVE-2022-40623 affects WAVLINK Quantum D4G (WN531G3) firmware M31G3.V5030.200325, describing a lack of anti-CSRF tokens in the device’s web interface. The entry also notes that exploitation can occur when combined with CVE-2022-35518 (command injection via nas.cgi), suggesting a scenario for remo...

8.8CVSS9.5AI score0.00294EPSS

Cvelist•added 2022/09/13 8:35 p.m.•11 views

CVE-2022-40622 WAVLINK Quantum D4G (WN531G3) Session Management by IP Address

The WAVLINK Quantum D4G WN531G3 running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator,...

8.8AI score0.00103EPSS

CVE•added 2022/09/13 8:35 p.m.•41 views

CVE-2022-40622

The CVE-2022-40622 entry concerns WAVLINK Quantum D4G (WN531G3) firmware M31G3.V5030.200325, where the device uses IP addresses to maintain sessions and does not employ session tokens. This design enables session takeover if an attacker can match the administrator’s IP or share a NAT, as describe...

8.8CVSS8.7AI score0.00103EPSS

CVE•added 2022/09/13 8:35 p.m.•49 views

CVE-2022-40621

The CVE-2022-40621 entry concerns WAVLINK Quantum D4G (WN531G3). Affected firmware versions M31G3.V5030.200325 and earlier communicate over HTTP (not HTTPS), and the device’s authentication hashing does not rely on a server-supplied key. This enables an attacker with sufficient network access to ...

7.5CVSS7.5AI score0.0031EPSS

Cvelist•added 2022/09/13 8:35 p.m.•11 views

CVE-2022-40621 WAVLINK Quantum D4G (WN531G3) Pass-The-Hash

Because the WAVLINK Quantum D4G WN531G3 running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed...

7.7AI score0.0031EPSS

CNNVD•added 2022/09/13 12:0 a.m.•2 views

WAVLINK WN531G3 授权问题漏洞

The WAVLINK WN531G3 is a wireless router from the Chinese company WAVLINK. A security vulnerability exists in the WAVLINK WN531G3 firmware version M31G3.V5030.200325 and prior versions, which stems from the use of an IP address to maintain a session and does not use a session token, and can be...

8.8CVSS7.9AI score0.00103EPSS

CNNVD•added 2022/09/13 12:0 a.m.•2 views

WAVLINK WN531G3 跨站请求伪造漏洞

The WAVLINK WN531G3 is a wireless router from China-based RuiYin Technology WAVLINK. A security vulnerability exists in WAVLINK WN531G3 firmware version M31G3.V5030.200325 and prior versions, which stems from the non-use of anti-CSRF tokens, and when used in conjunction with other issues such as...

8.8CVSS8AI score0.00294EPSS