Product: Wn535g3_firmware (Wavlink)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 23
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-05-13 | CVE-2022-30489 | WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. | Wn535g3_firmware | 6.1 | | |
| 2022-06-14 | CVE-2022-31845 | A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | Wn535g3_firmware | 7.5 | | |
| 2022-06-14 | CVE-2022-31846 | A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | Wn535g3_firmware | 7.5 | | |
| 2022-07-25 | CVE-2022-34576 | A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request. | Wn535g3_firmware | 7.5 | | |
| 2022-07-25 | CVE-2022-34577 | A vulnerability in adm.cgi of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request. | Wn535g3_firmware | 9.8 | | |
| 2022-08-10 | CVE-2022-35517 | WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml. | Wn530h4_firmware, Wn531p3_firmware, Wn533a8_firmware, Wn535g3_firmware, Wn572hp3_firmware | 8.8 | | |
| 2022-08-10 | CVE-2022-35519 | WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml. | Wn530h4_firmware, Wn531p3_firmware, Wn533a8_firmware, Wn535g3_firmware, Wn572hp3_firmware | 9.8 | | |
| 2022-08-10 | CVE-2022-35518 | WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml. | Wn530h4_firmware, Wn531p3_firmware, Wn533a8_firmware, Wn535g3_firmware, Wn572hp3_firmware | 9.8 | | |
| 2022-08-10 | CVE-2022-35520 | WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in the POST body but exists in the cgi binary. This leads to command injection in page /ledonoff.shtml. | Wn530h4_firmware, Wn531p3_firmware, Wn533a8_firmware, Wn535g3_firmware, Wn572hp3_firmware | 9.8 | | |
| 2022-08-10 | CVE-2022-35521 | WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security.shtml. | Wn530h4_firmware, Wn531p3_firmware, Wn533a8_firmware, Wn535g3_firmware, Wn572hp3_firmware | 9.8 | | |