51 matches found
CVE-2026-7690 Wavlink WL-WN570HA1 adm.cgi set_sys_adm command injection
A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410221110. This issue affects the function setsysadm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes command injection. It is possible to initiate the attack remotely. The exploit has been made availabl...
CVE-2025-55847
Wavlink M86X3AV240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit this to execute arbitrary code or cause a denial of service D...
CVE-2025-10321
A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /liveonline.shtml. Executing manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about...
CVE-2025-10325 Wavlink WL-WN578W2 login.cgi sub_401BA4 command injection
A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub401340/sub401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...
CVE-2023-32560
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1...
CVE-2024-39802
Multiple buffer overflow vulnerabilities exist in the qos.cgi qossettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer...
CVE-2024-39783
Multiple OS command injection vulnerabilities exist in the adm.cgi schreboot functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command...
Wavelink Avalanche Security Vulnerability
Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker could exploit this vulnerability by sending specially crafted packets to the mobile device server, which could result ...
Wavelink Avalanche Security Vulnerability
Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker could exploit this vulnerability by sending specially crafted packets to the mobile device server, which could result ...
Wavelink Avalanche Security Vulnerability
Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker can exploit this vulnerability to cause server-side request forgery SSRF in a remote control server by sending a...
Wavelink Avalanche Security Vulnerability
Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker could exploit this vulnerability by sending specially crafted packets to the mobile device server, which could result ...
Wavelink Avalanche Security Vulnerability
Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker could exploit this vulnerability by sending specially crafted packets to the mobile device server, which could result ...
Wavelink Avalanche Security Vulnerability
Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker can exploit this vulnerability to disclose data or perform server-side request forgery attacks...
Wavelink Avalanche Security Vulnerability
Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker could exploit this vulnerability by sending specially crafted packets to the mobile device server, which could result ...
Wavelink Avalanche Security Vulnerability
Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker could exploit this vulnerability by sending specially crafted packets to the mobile device server, which could result ...
Wavelink Avalanche Security Vulnerability
Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker could exploit the vulnerability by sending specially crafted packets to the mobile device server, resulting in memory...
Wavelink Avalanche Security Vulnerability
Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker could exploit the vulnerability by sending specially crafted packets to the mobile device server, resulting in memory...
Wavelink Avalanche Security Vulnerability
Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker could exploit this vulnerability by sending specially crafted packets to the mobile device server, which could result ...
Wavelink Avalanche Security Vulnerability
Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker could exploit this vulnerability by sending specially crafted packets to the mobile device server, which could result ...
Wavelink Avalanche Security Vulnerability
Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker could exploit this vulnerability by sending specially crafted packets to the mobile device server, which could result ...