wavlink Vulnerability List
Found 65 vulnerabilities related to wavlink
CVE-2022-2486: Wavlink WN535K2/WN535K3 - OS Command Injection POC
Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade via manipulation of the argument key. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. SHODAN: http.title:"Wi-Fi APP Login" -
CVE-2022-2487: Wavlink WN535K2/WN535K3 - OS Command Injection POC
Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection which affects unknown code in /cgi-bin/nightled.cgi via manipulation of the argument start_hour. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. SHODAN: http.title:"Wi-Fi APP Login" -
CVE-2022-2488: Wavlink WN535K2/WN535K3 - OS Command Injection POC
Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in /cgi-bin/touchlist_sync.cgi via manipulation of the argument IP. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. SHODAN: http.title:"Wi-Fi APP Login" -
CVE-2020-10973: WAVLINK - Access Control POC
Wavlink WN530HG4, WN531G3, WN533A8, and WN551K are susceptible to improper access control via /cgi-bin/ExportAllSettings.sh, where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available. -
CVE-2020-12124: WAVLINK WN530H4 live_api.cgi - Command Injection POC
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication. -
CVE-2020-12127: WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure POC
WAVLINK WN530H4 M30H4.V5030.190403 contains an information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint. This can allow an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. -
CVE-2020-13117: Wavlink Multiple AP - Remote Command Injection POC
Wavlink products are affected by a vulnerability that may allow remote unauthenticated users to execute arbitrary commands as root on Wavlink devices. The user input is not properly sanitized which allows command injection via the "key" parameter in a login request. It has been tested on Wavlink WN575A4 and WN579X3 devices, but other products may also be affected. -
CVE-2021-44260: WAVLINK AC1200 - Information Disclosure POC
The 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, can be accessed by a remote attacker without any authentication. When processed, it exposes some key information about the router's manager. -
CVE-2022-2486: Wavlink WN535K2/WN535K3 - OS Command Injection POC
Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade via manipulation of the argument key. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. -
CVE-2022-2487: Wavlink WN535K2/WN535K3 - OS Command Injection POC
Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection which affects unknown code in /cgi-bin/nightled.cgi via manipulation of the argument start_hour. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. -
CVE-2022-2488: Wavlink WN535K2/WN535K3 - OS Command Injection POC
Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in /cgi-bin/touchlist_sync.cgi via manipulation of the argument IP. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. -
CVE-2022-30489: Wavlink WN-535G3 - Cross-Site Scripting POC
Wavlink WN-535G3 contains a POST cross-site scripting vulnerability via the hostname parameter at /cgi-bin/login.cgi. -
CVE-2022-31845: WAVLINK WN535 G3 - Information Disclosure POC
WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in live_check.shtml. An attacker can obtain sensitive router information via execution of the exec cmd function and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations. -
CVE-2022-31846: WAVLINK WN535 G3 - Information Disclosure POC
WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in the live_mfg.shtml page. An attacker can obtain sensitive router information via the exec cmd function and possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations. -
CVE-2022-31847: WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure POC
WAVLINK WN579 X3 M79X3.V5030.180719 is susceptible to information disclosure in /cgi-bin/ExportAllSettings.sh. An attacker can obtain sensitive router information via a crafted POST request and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations. -
CVE-2022-34045: WAVLINK WN530HG4 - Improper Access Control POC
WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. It contains a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. -
CVE-2022-34046: WAVLINK WN533A8 - Improper Access Control POC
WAVLINK WN533A8 M33A8.V5030.190716 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);] and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. -
CVE-2022-34047: WAVLINK WN530HG4 - Improper Access Control POC
WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd] and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. -
CVE-2022-34048: Wavlink WN-533A8 - Cross-Site Scripting POC
Wavlink WN-533A8 M33A8.V5030.190716 contains a reflected cross-site scripting vulnerability via the login_page parameter. -
CVE-2022-34049: WAVLINK WN530HG4 - Improper Access Control POC
Wavlink WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can download log files and configuration data via Exportlogs.sh and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. -
CVE-2022-34576: WAVLINK WN535 G3 - Improper Access Control POC
WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. -
CVE-2022-44356: WAVLINK Quantum D4G (WL-WN531G3) - Information Disclosure POC
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. -
CVE-2022-48164: Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure POC
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. -
CVE-2022-48165: Wavlink - Improper Access Control POC
Wavlink WL-WN530H4 M30H4.V5030.210121 is susceptible to improper access control in the component /cgi-bin/ExportLogs.sh. An attacker can download configuration data and log files, obtain admin credentials, and potentially execute unauthorized operations. -
CVE-2022-48166: Wavlink WL-WN530HG4 M30HG4.V5030.201217 - Information Disclosure POC
An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. -
CVE-2023-3380: WAVLINK WN579X3 - Remote Command Execution POC
Remote Command Execution vulnerability in WAVLINK WN579X3 routers via pingIp parameter in /cgi-bin/adm.cgi. -
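WAVLINK Multiple Products Command Injection Vulnerability No POC
WAVLINK WN530HG4 and the others are products of the Chinese company WAVLINK (睿因). WAVLINK WN530HG4 is a wireless router. WAVLINK WN530H4 is a router. WAVLINK WN572HG3 is a wireless router. Multiple WAVLINK products contain a command injection vulnerability: the dhcpGateway parameter of the set_ipv6 function in the file firewall.cgi leads to command injection. The following products and versions are affected: WAVLINK WN530H4 version 20220721, WN530HG4 version 20220809, and WN572HG3 WO version 20221028. -
WAVLINK Multiple Products Command Injection Vulnerability No POC
WAVLINK WN530HG4 and the others are products of the Chinese company WAVLINK (睿因). WAVLINK WN530HG4 is a wireless router. WAVLINK WN530H4 is a router. WAVLINK WN572HG3 is a wireless router. Multiple WAVLINK products contain a command injection vulnerability: the IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr parameters of the set_ipv6 function in the file internet.cgi lead to command injection. The following products and versions are affected: WAVLINK WN530H4 version 20220721, WN530HG4 version 20220809, and WN572HG3 WO version 20221028. -
WAVLINK WL-WNJ575A3 /adm.cgi Command Execution Vulnerability No POC
WAVLINK is a router developed by the Chinese company WAVLINK (睿因科技). The /adm.cgi interface of WAVLINK routers contains a command execution vulnerability through which an attacker can obtain server privileges. -
Wavlink WN579G3 Information Disclosure Vulnerability No POC
Wavlink WN579G3 contains an information disclosure vulnerability. It is caused by incorrect control of page access permissions in the system. -
Wavlink username Remote Command Execution Vulnerability No POC
Wavlink contains a remote command execution vulnerability caused by a lack of validation. -
Wavlink WN533A8 CVE-2022-34046 Information Disclosure Vulnerability No POC
Wavlink WN533A8 M33A8.V5030.190716 contains an information disclosure vulnerability. It is caused by a lack of effective validation of unauthorized operations. -
WAVLINK live_mfg.shtml Sensitive Data Disclosure Vulnerability No POC
Wavlink contains an information disclosure vulnerability caused by live_mfg.shtml not authenticating the user's identity. -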
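Wavlink nightled.cgi CVE-2022-2487 Command Execution Vulnerability No POC
-
Wavlink mesh.cgi CVE-2022-2486 Command Injection Vulnerability No POC
-
Wavlink WN535 CVE-2022-34577 Code Execution Vulnerability No POC
-
Wavlink touchlist_sync.cgi CVE-2022-2488 Command Execution Vulnerability No POC
-
Wavlink WN533A8 M33A8.V5030.190716 Information Disclosure Vulnerability No POC
-
Wavlink WN533A8 CVE-2022-34048 Cross-Site Scripting Vulnerability No POC
-
Wavlink WN579X3 CVE-2023-3380 Command Injection Vulnerability No POC
-
WAVLINK WL-WN530H4 Router CVE-2022-48165 Information Disclosure Vulnerability No POC
-
WAVLINK WL-WN530H4 Router CVE-2022-48165 Information Disclosure Vulnerability No POC
-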
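Wavlink Router live_api Remote Command Execution Vulnerability No POC
The Wavlink router live_api contains a remote command execution vulnerability. -
WAVLINK WN535 G3 Router live_check.shtml File Information Disclosure Vulnerability (CVE-2022-31845) No POC
WAVLINK WN535 is a dual-band 4G LTE smart router. WAVLINK WN535 G3 version M35G3R.V5030.180927 contains a security vulnerability that stems from a flaw in live_check.shtml. An attacker can exploit it to obtain sensitive router information by executing the exec cmd function. -
Wavlink WN530HG4 Unauthorized Access (CVE-2022-48165) No POC
Wavlink WL-WN530H4 M30H4.V5030.210121 is susceptible to improper access control in a component. An attacker can download configuration data and log files, obtain admin credentials, and potentially execute unauthorized operations. -
wavlink Router admin.cgi Command Execution (CVE-2022-34577) No POC
Wavlink (睿因) is an internationally known brand with its marketing headquarters in Hong Kong, China, and its production headquarters in Shenzhen, China. Taking high technology and user-friendliness as its starting point, Wavlink (睿因) offers wireless, networking, digital, audio-video, and multi-display solutions built around PC and mobile device peripherals. The adm.cgi page system of this device contains a command execution vulnerability. -
wavlink Router ExportAllSettings.sh Information Disclosure No POC
Wavlink (睿因) is an internationally known brand with its marketing headquarters in Hong Kong, China, and its production headquarters in Shenzhen, China. Taking high technology and user-friendliness as its starting point, Wavlink (睿因) offers wireless, networking, digital, audio-video, and multi-display solutions built around PC and mobile device peripherals. The WI-FI-Web page system of this device contains an information disclosure vulnerability. -
Wavlink WN530HG4 Information Disclosure (CVE-2020-10973) No POC
An issue affecting /cgi-bin/ExportAllSettings.sh was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1, where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available. -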
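WAVLINK WN535 G3 Information Disclosure (CVE-2022-31846) No POC
Wavlink (睿因) is a router developed by 睿因科技(深圳)有限公司. The company's wavlink products contain an information disclosure vulnerability that an attacker can exploit to obtain sensitive system information. The vulnerability is in the "live_mfg" shtml page of WAVLINK WN535 G3, firmware package version M35G3R.V5030.180927 -
WAVLINK WN535 G3 Information Disclosure (CVE-2022-31845) No POC
Wavlink (睿因) is a router developed by 睿因科技(深圳)有限公司. The company's wavlink products contain an information disclosure vulnerability that an attacker can exploit to obtain sensitive system information. The vulnerability is in the "live_mfg" shtml page of WAVLINK WN535 G3, firmware package version M35G3R.V5030.180927 -
WAVLINK WN579 X3 Information Disclosure (CVE-2022-34570) No POC
A page of WAVLINK WN579 X3 contains a vulnerability, firmware package version M79X3.V5030.191012/M79X3.V5030.191012 -
Wavlink Set_safety.shtml Password Disclosure (CVE-2022-34047) No POC
Wavlink (睿因) is a router developed by 睿因科技(深圳)有限公司. The company's wavlink products contain an information disclosure vulnerability that an attacker can exploit to obtain sensitive system information. -
Wavlink Sysinit.shtml Password Disclosure (CVE-2022-34046) No POC
Wavlink (睿因) is a router developed by 睿因科技(深圳)有限公司. The company's wavlink products contain an information disclosure vulnerability that an attacker can exploit to obtain sensitive system information. -
Wavlink Exportlogs.sh Information Disclosure (CVE-2022-34049) No POC
Wavlink (睿因) is a router developed by 睿因科技(深圳)有限公司. The company's wavlink products contain an information disclosure vulnerability that an attacker can exploit to obtain sensitive system information. -
wavlink ExportSettings.sh Information Disclosure No POC
Wavlink (睿因) is a router developed by 睿因科技(深圳)有限公司. The company's wavlink products contain an information disclosure vulnerability that an attacker can exploit to obtain sensitive system information. -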
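Wavlink wireless.cgi Command Execution Vulnerability (CVE-2022-34592) No POC
Some Wavlink products are affected by a vulnerability that may allow unauthenticated remote users to execute arbitrary commands as root on Wavlink devices. Parameters such as CCK_1M in the wireless.cgi file are subject to a command execution vulnerability through which an attacker can obtain server privileges. -
Wavlink touchlist_sync.cgi Command Execution Vulnerability (CVE-2022-2488) No POC
Some Wavlink products are affected by a vulnerability that may allow unauthenticated remote users to execute arbitrary commands as root on Wavlink devices. The IP parameter of the touchlist_sync.cgi file is subject to a command execution vulnerability through which an attacker can obtain server privileges. -
Wavlink nightled.cgi Command Execution Vulnerability No POC
Some Wavlink products are affected by a vulnerability that may allow unauthenticated remote users to execute arbitrary commands as root on Wavlink devices. The start_hour parameter of the nightled.cgi file is subject to a command execution vulnerability through which an attacker can obtain server privileges. -
Wavlink mesh.cgi Command Execution Vulnerability (CVE-2022-2486) No POC
Some Wavlink products are affected by a vulnerability that may allow unauthenticated remote users to execute arbitrary commands as root on Wavlink devices. The key parameter of the mesh.cgi file is subject to a command execution vulnerability through which an attacker can obtain server privileges. -
Wavlink live_api.cgi Command Execution Vulnerability (CVE-2020-12124) No POC
Some Wavlink products are affected by a vulnerability that may allow unauthenticated remote users to execute arbitrary commands as root on Wavlink devices. The ip parameter of the live_api.cgi file is subject to a command execution vulnerability through which an attacker can obtain server privileges. -
Wavlink adm.cgi Command Execution Vulnerability (CVE-2022-23900) No POC
Some Wavlink products are affected by a vulnerability that may allow unauthenticated remote users to execute arbitrary commands as root on Wavlink devices. The command parameter of the adm.cgi file is subject to a command execution vulnerability through which an attacker can obtain server privileges. -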
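wavlink Router mb_wifi.shtml Unauthorized Bypass No POC
Wavlink (睿因) is an internationally known brand with its marketing headquarters in Hong Kong, China, and its production headquarters in Shenzhen, China. Taking high technology and user-friendliness as its starting point, Wavlink (睿因) offers wireless, networking, digital, audio-video, and multi-display solutions built around PC and mobile device peripherals. The WI-FI-Web page system of this device contains a login bypass. -
wavlink Router fctest.shtml Information Disclosure (CVE-2022-34575) No POC
Wavlink (睿因) is an internationally known brand with its marketing headquarters in Hong Kong, China, and its production headquarters in Shenzhen, China. Taking high technology and user-friendliness as its starting point, Wavlink (睿因) offers wireless, networking, digital, audio-video, and multi-display solutions built around PC and mobile device peripherals. The WI-FI-Web page system of this device contains an information disclosure vulnerability. -
Wavlink Unauthenticated RCE (CVE-2020-13117) No POC
Some Wavlink products are affected by a vulnerability that may allow unauthenticated remote users to execute arbitrary commands as root on Wavlink devices. User input is not properly sanitized, which allows command injection via the "key" parameter in a login request. It has been tested on Wavlink WN575A4 and WN579X3 devices, but other products may also be affected. -
Wavlink Wn535g3 -login.cgi XSS (CVE-2022-30489) No POC
WAVLINK WN535 G3 was found to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.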