134 matches found
Command injection
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac5g and Newname, which leads to command injection in page /wifimesh.shtml...
多款WAVLINK产品安全漏洞
WAVLINK AC1200 is a dual-band high power wireless router.WAVLINK WL-WN531P3 is a wireless router.WAVLINK WN533A8 is a wireless router.WAVLINK WL-WN531P3 is a wireless router.WAVLINK WN533A8 is a wireless router.WAVLINK WN533A8 is a wireless router.WAVLINK WN533A8 is a wireless router with a...
WAVLINK WL-WN531P3和WAVLINK WN533A8 安全漏洞
WAVLINK WL-WN531P3 and WAVLINK WN533A8 are both products of China RuiYin Technology WAVLINK.WAVLINK WL-WN531P3 is a wireless router.WAVLINK WN533A8 is a wireless router. A security vulnerability exists in WAVLINK that stems from its wireless.cgi component not filtering the parameters deletelist,...
WAVLINK WL-WN531P3和WAVLINK WN533A8 安全漏洞
WAVLINK WL-WN531P3 and WAVLINK WN533A8 are both products of China RuiYin Technology WAVLINK.WAVLINK WL-WN531P3 is a wireless router.WAVLINK WN533A8 is a wireless router. A security vulnerability exists in WAVLINK, which stems from the unfiltered parameters mac5g and Newname in its wireless.cgi...
CVE-2022-35535
CVE-2022-35535 affects WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3 and WN531P3. The vulnerability stems from lack of filtering on the macAddr parameter in wireless.cgi, enabling command injection on /wifi_mesh.shtml. The coordinated documents corroborate the affected models and the vulnerability ...
CVE-2022-35535
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifimesh.shtml...
CVE-2022-35537
CVE-2022-35537 affects WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3; the wireless.cgi page lacks filtering on mac_5g and Newname parameters, enabling command injection on /wifi_mesh.shtml. Root cause: unsanitized input in wireless.cgi. Impact: high (per CVSS 3.1: Network, Privileges None,...
CVE-2022-35537
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac5g and Newname, which leads to command injection in page /wifimesh.shtml...
CVE-2022-35538
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: deletelist, deletealmac, bdeletelist and bdeletealmac, which leads to command injection in page /wifimesh.shtml...
CVE-2022-35538
Summary: CVE-2022-35538 affects WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3. The wireless.cgi component does not filter parameters delete_list, delete_al_mac, b_delete_list, and b_delete_al_mac, enabling potential command injection on the /wifi_mesh.shtml page. The CVSSv3.1 base scor...
PT-2022-22895 · Wavlink · Wavlink Wn533A8 +4
Name of the Vulnerable Software and Affected Versions: WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3 Description: The issue is related to a lack of filtering on parameters: mac 5g and Newname in the wireless.cgi file, which leads to command injection in the page...
PT-2022-22892 · Wavlink · Wavlink Wn533A8 +4
Name of the Vulnerable Software and Affected Versions: WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3 Description: The issue is related to a lack of filtering on the hiddenSSID32g and SSID2G2 parameters in the wireless.cgi file, which leads to command injection i...
PT-2022-22893 · Wavlink · Wavlink Wn533A8 +4
Name of the Vulnerable Software and Affected Versions: WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3 Description: The issue is related to the lack of filtering on the macAddr parameter in the wireless.cgi file, which leads to command injection in the /wifi...
Cross site request forgery (csrf)
The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery CSRF attacks, as demonstrated by a redirect from the cgi-bin/wireless.cgi script...