Wavlink Wn530H4 Firmware vulnerabilities
9 known vulnerabilities affecting wavlink/wn530h4_firmware.
Total CVEs
9
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH6
Vulnerabilities
Page 1 of 1
CVE-2020-12124P1CRITICALCVSS 9.8ExploitedPoCvm30h4.v5030.1904032020-10-02
CVE-2020-12124 [CRITICAL] CWE-78 CVE-2020-12124: A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK W
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.
nvd
CVE-2020-12127P3HIGHCVSS 7.5PoCvm30h4.v5030.1904032020-10-02
CVE-2020-12127 [HIGH] CWE-306 CVE-2020-12127: An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK
An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.
nvd
CVE-2024-10429P2HIGHCVSS 7.2v202207212024-10-27
CVE-2024-10429 [HIGH] CWE-77 CVE-2024-10429: A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up t
A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclos
nvd
CVE-2024-10193P2HIGHCVSS 7.2≤ 202210282024-10-20
CVE-2024-10193 [HIGH] CWE-77 CVE-2024-10193: A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendo
nvd
CVE-2024-10428P2HIGHCVSS 7.2v202207212024-10-27
CVE-2024-10428 [HIGH] CWE-77 CVE-2024-10428: A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rate
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2020-12125P2CRITICALCVSS 9.8vm30h4.v5030.1904032020-10-02
CVE-2020-12125 [CRITICAL] CWE-120 CVE-2020-12125: A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530
A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication.
nvd
CVE-2024-10194P3HIGHCVSS 8.8≤ 202210282024-10-20
CVE-2024-10194 [HIGH] CWE-121 CVE-2024-10194: A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been clas
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the loca
nvd
CVE-2020-12126P3CRITICALCVSS 9.8vm30h4.v5030.1904032020-10-02
CVE-2020-12126 [CRITICAL] CWE-287 CVE-2020-12126: Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H
Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint.
nvd
CVE-2020-12123P3HIGHCVSS 8.1vm30h4.v5030.1904032020-10-02
CVE-2020-12123 [HIGH] CWE-352 CVE-2020-12123: CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an a
CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work.
nvd