Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. id: CVE-2022-48164 info: name: Wavlink WL-WN533A8 M33A8.V5030.190716 - Information...

EUVD-2022-37078

Malicious code in bioql PyPI...

CVE-2022-34046

An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IPADDRESS/sysinit.shtml?r=52300 and searching for logincheckuser;...

CVE-2022-48164

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials...

CVE-2022-34048

Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting XSS vulnerability via the loginpage parameter...

The vulnerability of the qosSettings() function in the qos.cgi script of the Wavlink AC3000 (WL-WN533A8) router’s script allows a hacker to execute arbitrary code.

The vulnerability of the qosSettings function in the qos.cgi script of the Wavlink AC3000 WL-WN533A8 router software lies in the fact that the output of the operation goes beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the add_dir() function in the nas.cgi script of the Wavlink AC3000 router’s microprogramming system allows a hacker to circumvent existing security restrictions.

The vulnerability of the adddir function in the nas.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to bypass existing security...

The vulnerability of the sch_reboot() function in the adm.cgi script of the Wavlink AC3000 (WL-WN533A8) router’s microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the schreboot function in the adm.cgi script of the Wavlink AC3000 WL-WN533A8 router’s microprogramming system is related to the lack of measures taken to manage data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...

WAVLINK WL-WN533A8 Access Control Issue Vulnerability

WAVLINK WL-WN533A8 is a router from China's RuiYin Technology WAVLINK. The WAVLINK WL-WN533A8 suffers from an Access Control Issue vulnerability that originates from improper access control in the component /cgi-bin/ExportLogs.sh, which can be exploited by an attacker to download configuration da...

CVE-2022-48164

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials...

Design/Logic Flaw

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials...

CVE-2022-48164

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials...

CVE-2022-48164

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials...

CVE-2022-48164

CVE-2022-48164 affects the Wavlink WL-WN533A8 family (M33A8.V5030.190716). The issue is an access-control flaw in the /cgi-bin/ExportLogs.sh component that allows unauthenticated attackers to download configuration data, log files, and obtain admin credentials. CVSS v3.1 base score 7.5 (HIGH) wit...

CVE-2022-35536

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qosbandwith and qosdat, which leads to command injection in page /qos.shtml...

CVE-2022-35533

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: clilist and clinum, which leads to command injection in page /qos.shtml...

CVE-2022-35526

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml...

CVE-2022-35520

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml...

CVE-2022-35517

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: webpskValue, wlMethod, wlanssid, EncrypType, rwanip, rwanmask, rwangateway, pppusername, ppppasswd and pppsetver, which leads to command injection in page /wizardroutermesh.shtml...

Command injection

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac5g and Newname, which leads to command injection in page /wifimesh.shtml...