Product:

Wn533a8_firmware

(Wavlink)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 20
Date Id Summary Products Score Patch Annotated
2022-08-10 CVE-2022-35525 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml. Wn530h4_firmware, Wn531p3_firmware, Wn533a8_firmware, Wn535g3_firmware, Wn572hp3_firmware 9.8
2022-08-10 CVE-2022-35526 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml. Wn530h4_firmware, Wn531p3_firmware, Wn533a8_firmware, Wn535g3_firmware, Wn572hp3_firmware 9.8
2022-08-10 CVE-2022-35533 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml. Wn530h4_firmware, Wn531p3_firmware, Wn533a8_firmware, Wn535g3_firmware, Wn572hp3_firmware 9.8
2022-08-10 CVE-2022-35534 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml. Wn530h4_firmware, Wn531p3_firmware, Wn533a8_firmware, Wn535g3_firmware, Wn572hp3_firmware 9.8
2022-08-10 CVE-2022-35535 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml. Wn530h4_firmware, Wn531p3_firmware, Wn533a8_firmware, Wn535g3_firmware, Wn572hp3_firmware 9.8
2022-08-10 CVE-2022-35536 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml. Wn530h4_firmware, Wn531p3_firmware, Wn533a8_firmware, Wn535g3_firmware, Wn572hp3_firmware 9.8
2022-08-10 CVE-2022-35537 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml. Wn530h4_firmware, Wn531p3_firmware, Wn533a8_firmware, Wn535g3_firmware, Wn572hp3_firmware 9.8
2022-08-10 CVE-2022-35538 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml. Wn530h4_firmware, Wn531p3_firmware, Wn533a8_firmware, Wn535g3_firmware, Wn572hp3_firmware 9.8
2020-04-27 CVE-2020-12266 An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed externally without any authentication. All the pages follow the naming convention live_(string).shtml. Among the information disclosed is: interface status logs, IP address of the device, MAC address of... Jetstream_ac3000_firmware, Jetstream_erac3000_firmware, Wl\-Wn530hg4_firmware, Wl\-Wn575a3_firmware, Wl\-Wn579g3_firmware, Wn530h4_firmware, Wn531a6_firmware, Wn531g3_firmware, Wn533a8_firmware, Wn535g3_firmware, Wn551k1_firmware, Wn578a2_firmware, Wn579g3_firmware, Wn579x3_firmware, Wn57x93_firmware 7.5
2020-05-07 CVE-2020-10973 An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available. Wn530hg4_firmware, Wn531g3_firmware, Wn533a8_firmware, Wn551k1_firmware 7.5