Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. id: CVE-2022-48164 info: name: Wavlink WL-WN533A8 M33A8.V5030.190716 - Information...

EUVD-2022-37078

Malicious code in bioql PyPI...

CVE-2022-34046

An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IPADDRESS/sysinit.shtml?r=52300 and searching for logincheckuser;...

CVE-2022-48164

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials...

CVE-2022-34048

Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting XSS vulnerability via the loginpage parameter...

WAVLINK WL-WN533A8 Access Control Issue Vulnerability

WAVLINK WL-WN533A8 is a router from China's RuiYin Technology WAVLINK. The WAVLINK WL-WN533A8 suffers from an Access Control Issue vulnerability that originates from improper access control in the component /cgi-bin/ExportLogs.sh, which can be exploited by an attacker to download configuration da...

CVE-2022-48164

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials...

Design/Logic Flaw

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials...

CVE-2022-48164

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials...

CVE-2022-48164

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials...

CVE-2022-48164

CVE-2022-48164 affects the Wavlink WL-WN533A8 family (M33A8.V5030.190716). The issue is an access-control flaw in the /cgi-bin/ExportLogs.sh component that allows unauthenticated attackers to download configuration data, log files, and obtain admin credentials. CVSS v3.1 base score 7.5 (HIGH) wit...

CVE-2022-35536

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qosbandwith and qosdat, which leads to command injection in page /qos.shtml...

CVE-2022-35533

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: clilist and clinum, which leads to command injection in page /qos.shtml...

CVE-2022-35526

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml...

CVE-2022-35520

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml...

CVE-2022-35517

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: webpskValue, wlMethod, wlanssid, EncrypType, rwanip, rwanmask, rwangateway, pppusername, ppppasswd and pppsetver, which leads to command injection in page /wizardroutermesh.shtml...

Command injection

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: clilist and clinum, which leads to command injection in page /qos.shtml...

Command injection

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac5g and Newname, which leads to command injection in page /wifimesh.shtml...

多款WAVLINK产品安全漏洞

WAVLINK AC1200 and others are products of China RuiYin Technology WAVLINK.WAVLINK AC1200 is a dual-band high-power wireless router.WAVLINK WL-WN531P3 is a wireless router.WAVLINK WN533A8 is a wireless router. A security vulnerability exists in WAVLINK that stems from its qos.cgi component that do...

多款WAVLINK产品安全漏洞

WAVLINK AC1200 is a dual-band high power wireless router.WAVLINK WL-WN531P3 is a wireless router.WAVLINK WN533A8 is a wireless router.WAVLINK WL-WN531P3 is a wireless router.WAVLINK WN533A8 is a wireless router.WAVLINK WN533A8 is a wireless router.WAVLINK WN533A8 is a wireless router.WAVLINK...