Lucene search

K
WavlinkWn530h4 Firmwarem30h4.v5030.190403

5 matches found

CVE
CVE
added 2020/10/02 9:15 a.m.49 views

CVE-2020-12124

A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.

10CVSS9.7AI score0.91674EPSS
CVE
CVE
added 2020/10/02 9:15 a.m.48 views

CVE-2020-12127

An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.

7.5CVSS7AI score0.19684EPSS
CVE
CVE
added 2020/10/02 9:15 a.m.32 views

CVE-2020-12125

A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication.

10CVSS9.7AI score0.05941EPSS
CVE
CVE
added 2020/10/02 9:15 a.m.29 views

CVE-2020-12123

CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work.

8.1CVSS8AI score0.00136EPSS
CVE
CVE
added 2020/10/02 9:15 a.m.29 views

CVE-2020-12126

Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint.

9.8CVSS9.4AI score0.0065EPSS