19 matches found
CVE-2022-35526
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml...
CVE-2022-35520
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml...
Command injection
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: clilist and clinum, which leads to command injection in page /qos.shtml...
Command injection
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac5g and Newname, which leads to command injection in page /wifimesh.shtml...
Command injection
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qosbandwith and qosdat, which leads to command injection in page /qos.shtml...
CVE-2022-35518
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nasdisk.shtml...
CVE-2022-35520
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml...
CVE-2022-35521
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /mansecurity.shtml...
CVE-2022-35523
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter delmac and parameter flag, which leads to command injection in page /cliblacklist.shtml...
CVE-2022-35524
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlansignal, webpskValue, selEncrypTyp, selAutomode, wlanbssid, wlanssid and wlanchannel, which leads to command injection in page /wizardrep.shtml...
CVE-2022-35526
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml...
CVE-2022-35533
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: clilist and clinum, which leads to command injection in page /qos.shtml...
CVE-2022-35536
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qosbandwith and qosdat, which leads to command injection in page /qos.shtml...
CVE-2022-35538
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: deletelist, deletealmac, bdeletelist and bdeletealmac, which leads to command injection in page /wifimesh.shtml...
PT-2022-22891 · Wavlink · Wavlink Wn530H4 +4
Name of the Vulnerable Software and Affected Versions: WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3 Description: The issue affects the qos.cgi page, specifically the /qos.shtml endpoint, where the cli list and cli num parameters have no filtering, leading to...
PT-2022-22880 · Wavlink · Wavlink Wn533A8 +4
Name of the Vulnerable Software and Affected Versions: WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3 Description: The issue is related to a lack of filtering on parameters: User1Passwd and User1 in the nas.cgi file, which leads to command injection in the /nas...
PT-2022-22884 · Wavlink · Wavlink Wn533A8 +4
Name of the Vulnerable Software and Affected Versions: WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3 Description: The issue is related to the firewall.cgi having no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled,...
PT-2022-22879 · Wavlink · Wavlink Wn530H4 +4
Name of the Vulnerable Software and Affected Versions: WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3 Description: The issue concerns the lack of filtering on certain parameters in the adm.cgi file, specifically: web pskValue, wl Method, wlan ssid, EncrypType, rw...
PT-2022-22887 · Wavlink · Wavlink Wn533A8 +4
Name of the Vulnerable Software and Affected Versions: WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3 Description: The issue is related to a lack of filtering on parameters in the adm.cgi file, which leads to command injection in the /wizard rep.shtml page. The...