Wavlink Wn531G3 vulnerabilities
3 known vulnerabilities affecting wavlink/wn531g3.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2
Vulnerabilities
CVE-2022-35518 | P2 | CRITICAL | CVSS 9.8 | CWE-77 | ≥ M31G3.V5030.200325, ≤ M31G3.V5030.200325 | 2022-08-10
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.
nvd
CVE-2022-40621 | P3 | HIGH | CVSS 7.5 | CWE-294 | ≥ M31G3.V5030.200325, ≤ M31G3.V5030.200325 | 2022-09-13
Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-t
nvd
CVE-2022-40622 | P3 | HIGH | CVSS 8.8 | CWE-304 | ≥ M31G3.V5030.200325, ≤ M31G3.V5030.200325 | 2022-09-13
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged-in administrator, session takeover is possible.
nvd