Wn530h4 Firmware@m30h4.v5030.190403 Security Vulnerabilities and Issues — Wn530h4 Firmware@m30h4.v5030.190403 CVE List

Lucene search

WavlinkWn530h4 Firmwarem30h4.v5030.190403

5 matches found

CVE•added 2020/10/02 9:15 a.m.•49 views

CVE-2020-12124

A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.

10CVSS9.7AI score0.91674EPSS

CVE•added 2020/10/02 9:15 a.m.•48 views

CVE-2020-12127

An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.

7.5CVSS7AI score0.19684EPSS

CVE•added 2020/10/02 9:15 a.m.•32 views

CVE-2020-12125

A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication.

10CVSS9.7AI score0.05941EPSS

CVE•added 2020/10/02 9:15 a.m.•29 views

CVE-2020-12123

CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work.

8.1CVSS8AI score0.00136EPSS

CVE•added 2020/10/02 9:15 a.m.•29 views

CVE-2020-12126

Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint.

9.8CVSS9.4AI score0.0065EPSS