4 matches found
Cross site request forgery (csrf)
The WAVLINK Quantum D4G WN531G3 running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues such as CVE-2022-35518, can lead to remote, unauthenticated command execution...
CVE-2022-40623 WAVLINK Quantum D4G (WN531G3) CSRF
The WAVLINK Quantum D4G WN531G3 running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues such as CVE-2022-35518, can lead to remote, unauthenticated command execution...
CVE-2022-35518
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nasdisk.shtml...
CVE-2022-35518
The CVE-2022-35518 issue affects WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3 devices where nas.cgi does not filter parameters User1Passwd and User1 in /nas_disk.shtml, enabling command injection. Concrete details in connected sources show the root cause as unfiltered input leading to...