Vulnerabilities in Wavlink
128 resultsCVE-2022-2487HIGHWAVLINK WN535K2/WN535K3 nightled.cgi os command injectionEPSS 79.5%CVE-2024-39363CRITICALA cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505EPSS 48.1%CVE-2024-39280CRITICALAn external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A speciallyEPSS 34.2%CVE-2022-2488HIGHWAVLINK WN535K2/WN535K3 touchlist_sync.cgi os command injectionEPSS 27.7%CVE-2022-2486HIGHWAVLINK WN535K2/WN535K3 os command injectionEPSS 25.1%CVE-2024-37186CRITICALAn os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially cEPSS 22.8%CVE-2024-36295CRITICALA command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTEPSS 20.8%CVE-2024-21797CRITICALA command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted EPSS 20.8%CVE-2025-10775MEDIUMWavlink WL-NU516U1 login.cgi sub_4012A0 os command injectionEPSS 20.0%CVE-2024-38666CRITICALAn external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505EPSS 18.9%CVE-2024-39760CRITICALMultiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A spEPSS 17.4%CVE-2024-10429HIGHWAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injectionEPSS 17.2%CVE-2024-34166CRITICALAn os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. AEPSS 15.8%CVE-2024-10193MEDIUMWAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi ping_ddns command injectionEPSS 15.0%CVE-2026-6483HIGHWavlink WL-WN530H4 internet.cgi snprintf os command injectionEPSS 14.1%CVE-2024-10428HIGHWAVLINK WN530H4/WN530HG4/WN572HG3 firewall.cgi set_ipv6 command injectionEPSS 14.1%CVE-2024-39288CRITICALA buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A speciallyEPSS 13.5%CVE-2024-36258CRITICALA stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210EPSS 12.4%CVE-2024-39360CRITICALAn os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially craEPSS 11.7%CVE-2026-3662MEDIUMWavlink WL-NU516U1 adm.cgi usb_p910 command injectionEPSS 11.2%