Vulnerabilities (CVE)

Filtered by vendor Wavlink Subscribe
Filtered by product Wn575a4 Firmware
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13117 1 Wavlink 4 Wn575a4, Wn575a4 Firmware, Wn579x3 and 1 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.
CVE-2020-10974 1 Wavlink 26 Jetstream Ac3000, Jetstream Ac3000 Firmware, Jetstream Erac3000 and 23 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000