Strik3R0X1

**Name of the Vulnerable Software and Affected Versions** Wavlink WL-WN533A8 version M33A8.V5030.190716 **Description** An access control issue in the component /cgi-bin/ExportLogs.sh allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. **Recommendations** For version M33A8.V5030.190716, consider restricting access to the /cgi-bin/ExportLogs.sh component to prevent unauthenticated downloads of sensitive data. As a temporary workaround, consider disabling the ExportLogs.sh functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Wavlink WL-WN530HG4 version M30HG4.V5030.201217 **Description** An access control issue allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. **Recommendations** For Wavlink WL-WN530HG4 version M30HG4.V5030.201217, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Wavlink WL-WN530H4 M30H4.V5030.210121 **Description** The issue is related to an access control problem in the "/cgi-bin/ExportLogs.sh" component, allowing unauthenticated attackers to download configuration data, log files, and obtain admin credentials. **Recommendations** For Wavlink WL-WN530H4 M30H4.V5030.210121, consider restricting access to the "/cgi-bin/ExportLogs.sh" component until a patch is available. As a temporary workaround, limit the exposure of the device to the internet and avoid using the default admin credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SolarView Compact versions 4.0 through 5.0 **Description** The issue allows for Unrestricted File Upload via a crafted php file. **Recommendations** For SolarView Compact versions 4.0 through 5.0, consider restricting the upload of php files to prevent exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SolarView Compact version 7.0 **Description** The issue is related to Cross-site Scripting (XSS) via the "/network test.php" API endpoint. This allows for potential malicious script injection and execution. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For SolarView Compact version 7.0, consider disabling access to the "/network test.php" endpoint until a patch is available. Restricting the use of this endpoint can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WAVLINK Quantum D4G (WL-WN531G3) versions M31G3.V5030.200325 through M31G3.V5030.201204 **Description** The issue allows unauthenticated attackers to download configuration data and log files due to an access control problem. **Recommendations** For versions M31G3.V5030.200325 through M31G3.V5030.201204, update to a newer version that addresses the access control issue to prevent unauthenticated attackers from downloading sensitive data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.