Wavlink Wl-Wn530Hg4 Firmware vulnerabilities
8 known vulnerabilities affecting wavlink/wl-wn530hg4_firmware.
Total CVEs
8
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH4MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2022-34047P2HIGHCVSS 7.5PoCvm30hg4.v5030.1911162022-07-20
CVE-2022-34047 [HIGH] CWE-668 CVE-2022-34047: An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].
nvd
CVE-2022-48166P2HIGHCVSS 7.5PoCvm30hg4.v5030.2012172023-02-06
CVE-2022-48166 [HIGH] CWE-862 CVE-2022-48166: An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers
An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
nvd
CVE-2022-34045P3CRITICALCVSS 9.8PoCvm30hg4.v5030.1911162022-07-20
CVE-2022-34045 [CRITICAL] CWE-798 CVE-2022-34045: Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key
Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh.
nvd
CVE-2020-15489P2CRITICALCVSS 9.8vm30hg4.v5030.1911162020-07-01
CVE-2020-15489 [CRITICAL] CWE-78 CVE-2020-15489: An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metachara
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges.
nvd
CVE-2022-34049P3MEDIUMCVSS 5.3PoCvm30hg4.v5030.1911162022-07-20
CVE-2022-34049 [MEDIUM] CWE-552 CVE-2022-34049: An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data.
nvd
CVE-2020-15490P2CRITICALCVSS 9.8vm30hg4.v5030.1911162020-07-01
CVE-2020-15490 [CRITICAL] CVE-2020-15490: An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple buffer overflow
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple buffer overflow vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. (The set of affected scripts is similar to CVE-2020-12266.)
nvd
CVE-2020-10971P3HIGHCVSS 8.8vm30hg4.v5030.1911162020-05-07
CVE-2020-10971 [HIGH] CWE-20 CVE-2020-10971: An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm
An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session. Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wa
nvd
CVE-2020-12266P3HIGHCVSS 7.5vm30hg4.v5030.1911162020-04-27
CVE-2020-12266 [HIGH] CWE-306 CVE-2020-12266: An issue was discovered where there are multiple externally accessible pages that do not require any
An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed externally without any authentication. All the pages follow th
nvd