Wavlink WN535 漏洞列表

Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade via manipulation of the argument key. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. SHODAN: http.title:"Wi-Fi APP Login"

Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection which affects unknown code in /cgi-bin/nightled.cgi via manipulation of the argument start_hour. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. SHODAN: http.title:"Wi-Fi APP Login"

Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in /cgi-bin/touchlist_sync.cgi via manipulation of the argument IP. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. SHODAN: http.title:"Wi-Fi APP Login"

Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade via manipulation of the argument key. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection which affects unknown code in /cgi-bin/nightled.cgi via manipulation of the argument start_hour. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in /cgi-bin/touchlist_sync.cgi via manipulation of the argument IP. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in live_check.shtml. An attacker can obtain sensitive router information via execution of the exec cmd function and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in the live_mfg.shtml page. An attacker can obtain sensitive router information via the exec cmd function and possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.

WAVLINK WN535是一款双频 4G LTE 智能路由器。WAVLINK WN535 G3 M35G3R.V5030.180927版本存在安全漏洞，该漏洞源于live_check.shtml 中存在漏洞。攻击者利用该漏洞通过执行 exec cmd 函数获取敏感的路由器信息。

睿因（wavlink）是由睿因科技(深圳)有限公司开发的路由器,该公司旗下wavlink存在信息泄露漏洞，攻击者可利用该获取系统敏感信息。“live_mfg”中存在漏洞。WAVLINKWN535 G3的shtml页面，固件包版本M35G3R.V5030.180927

睿因（wavlink）是由睿因科技(深圳)有限公司开发的路由器,该公司旗下wavlink存在信息泄露漏洞，攻击者可利用该获取系统敏感信息。“live_mfg”中存在漏洞。WAVLINKWN535 G3的shtml页面，固件包版本M35G3R.V5030.180927

WAVLINK WN535 G3通过主机名参数/cgi bin/login发现包含跨站点脚本（XSS）漏洞。cgi。