618 matches found
PT-2025-2558 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: Multiple buffer overflow vulnerabilities exist in the set qos functionality of internet.cgi. A specially crafted HTTP request can lead to a stack-based buffer overflow. An attacker can ma...
PT-2025-2555 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the set add routing functionality of the internet.cgi script. A specially crafted HTTP request can lead to arbitrary command execution. An...
PT-2025-2542 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A cross-site scripting xss vulnerability exists in the set lang CountryCode functionality of login.cgi. A specially crafted HTTP request can lead to a disclosure of sensitive information...
PT-2024-10142 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the set add routing functionality of the internet.cgi script. A specially crafted HTTP request can lead to arbitrary command execution. An...
PT-2024-10143 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the set add routing functionality of the internet.cgi script. A specially crafted HTTP request can lead to arbitrary command execution. An...
PT-2024-10141 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the login.cgi set sys init functionality. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an...
PT-2024-10139 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 versions M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the login.cgi set sys init functionality. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can ma...
D-LINK DIR-3040 WiFi Smart Mesh information disclosure vulnerability
Summary An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability. Tested Versions D-LINK DIR-3040...
D-LINK DIR-3040 Libcli 命令注入漏洞(CVE-2021-21819)
The DIR-3040 is an AC3000-based wireless internet router. As discussed in TALOS-2021-1285, a hidden telnet service can be started without authentication by visiting https:///starttelnet This service presents the user with a login prompt for their “libcli test environment”: $ telnet 192.168.0.1...
Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-3040
Dave McDaniel discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the D-LINK DIR-3040 wireless router. The DIR-3040 is an AC3000-based wireless internet router. These vulnerabilities could allow an attacker to carry out a... This is...
D-LINK DIR-3040 Zebra IP routing manager information disclosure vulnerability
Summary An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. Test...
D-LINK DIR-3040 Libcli command injection vulnerability
Summary A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions D-LINK...
D-LINK DIR-3040 Syslog information disclosure vulnerability
Talos Vulnerability Report TALOS-2021-1283 D-LINK DIR-3040 Syslog information disclosure vulnerability July 15, 2021 CVE Number CVE-2021-21818 Summary A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network...
Vulnerability in Trust Management Issues in Multiple NETGEAR Products (CNVD-2020-33660)
NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 and others are a wireless WiFi device from NETGEAR. NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 version 2.5.1.106, Outdoor Satellite RBS50Y version 2.5.1.106 and Pro Tri-Band Business WiFi A trust management...
CVE-2020-11550
The CVE-2020-11550 entry concerns NETGEAR Orbi devices: SRS60 AC3000 (SW 2.5.1.106), Outdoor Satellite RBS50Y (2.5.1.106), and SRR60 AC3000 (2.5.1.106). The issue is an unauthenticated disclosure via the administrative SOAP interface that can leak sensitive Wi‑Fi data, including SSIDs and PSKs. R...
The vulnerability of the microprogramming software of the Zyxel Multy X AC3000 lies in the lack of protection for the UART interface, which allows a hacker to gain access to the device with root privileges.
The vulnerability of the Zyxel Multy X AC3000 router’s microprogramming software lies in the lack of protection for the UART interface and the use of pre-installed credentials. Exploiting this vulnerability allows a malicious actor to gain access to the device with root privileges via the...
Zyxel Multy X (AC3000 Tri-Band WiFi System) Device Backdoor Vulnerability
The Zyxel Multy X AC3000 Tri-Band WiFi System device is a wireless networking kit from Hopkins ZyXEL Technologies. A security vulnerability exists in the Zyxel Multy X AC3000 Tri-Band WiFi System device, which arises from the program failing to use the correct mechanism to protect the UART.An...
CVE-2018-9149
The CVE-2018-9149 entry concerns Zyxel Multy X (AC3000 Tri-Band WiFi System). The vulnerability arises from an inadequate protection mechanism for the UART, enabling an attacker who physically accesses the device (after dismantling) to connect via USB-UART and log in with the root password 1234. ...