Lucene search
K

618 matches found

Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.7 views

PT-2025-2558 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: Multiple buffer overflow vulnerabilities exist in the set qos functionality of internet.cgi. A specially crafted HTTP request can lead to a stack-based buffer overflow. An attacker can ma...

9.1CVSS7.5AI score0.00845EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.6 views

PT-2025-2555 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the set add routing functionality of the internet.cgi script. A specially crafted HTTP request can lead to arbitrary command execution. An...

9.1CVSS7.7AI score0.04156EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/07/25 12:0 a.m.6 views

PT-2025-2542 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A cross-site scripting xss vulnerability exists in the set lang CountryCode functionality of login.cgi. A specially crafted HTTP request can lead to a disclosure of sensitive information...

10CVSS6.4AI score0.48086EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/06/28 12:0 a.m.4 views

PT-2024-10142 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the set add routing functionality of the internet.cgi script. A specially crafted HTTP request can lead to arbitrary command execution. An...

9.1CVSS9.6AI score0.05876EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/06/28 12:0 a.m.8 views

PT-2024-10143 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the set add routing functionality of the internet.cgi script. A specially crafted HTTP request can lead to arbitrary command execution. An...

9.1CVSS9.4AI score0.04815EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/06/28 12:0 a.m.5 views

PT-2024-10141 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the login.cgi set sys init functionality. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an...

10CVSS9.8AI score0.17378EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/06/28 12:0 a.m.7 views

PT-2024-10139 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 versions M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the login.cgi set sys init functionality. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can ma...

10CVSS8.4AI score0.08168EPSS
Exploits1References8
Talos
Talos
added 2021/09/23 12:0 a.m.71 views

D-LINK DIR-3040 WiFi Smart Mesh information disclosure vulnerability

Summary An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability. Tested Versions D-LINK DIR-3040...

8.5AI score
Exploits0
seebug.org
seebug.org
added 2021/07/23 12:0 a.m.326 views

D-LINK DIR-3040 Libcli 命令注入漏洞(CVE-2021-21819)

The DIR-3040 is an AC3000-based wireless internet router. As discussed in TALOS-2021-1285, a hidden telnet service can be started without authentication by visiting https:///starttelnet This service presents the user with a login prompt for their “libcli test environment”: $ telnet 192.168.0.1...

6.5CVSS0.3AI score0.02886EPSS
Exploits2
Talos Blog
Talos Blog
added 2021/07/15 12:58 p.m.72 views

Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-3040

Dave McDaniel discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the D-LINK DIR-3040 wireless router. The DIR-3040 is an AC3000-based wireless internet router. These vulnerabilities could allow an attacker to carry out a... This is...

1.9AI score
Exploits0
Talos
Talos
added 2021/07/15 12:0 a.m.75 views

D-LINK DIR-3040 Zebra IP routing manager information disclosure vulnerability

Summary An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. Test...

7.5CVSS7.5AI score0.02013EPSS
Exploits2
Talos
Talos
added 2021/07/15 12:0 a.m.85 views

D-LINK DIR-3040 Libcli command injection vulnerability

Summary A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions D-LINK...

9.1CVSS8.3AI score0.02886EPSS
Exploits2
Talos
Talos
added 2021/07/15 12:0 a.m.105 views

D-LINK DIR-3040 Syslog information disclosure vulnerability

Talos Vulnerability Report TALOS-2021-1283 D-LINK DIR-3040 Syslog information disclosure vulnerability July 15, 2021 CVE Number CVE-2021-21818 Summary A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network...

7.5CVSS7.5AI score0.01948EPSS
Exploits2
CNVD
CNVD
added 2020/05/19 12:0 a.m.4 views

Vulnerability in Trust Management Issues in Multiple NETGEAR Products (CNVD-2020-33660)

NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 and others are a wireless WiFi device from NETGEAR. NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 version 2.5.1.106, Outdoor Satellite RBS50Y version 2.5.1.106 and Pro Tri-Band Business WiFi A trust management...

8.8CVSS7.5AI score0.04136EPSS
Exploits1References1
CVE
CVE
added 2020/05/18 3:46 p.m.71 views

CVE-2020-11550

The CVE-2020-11550 entry concerns NETGEAR Orbi devices: SRS60 AC3000 (SW 2.5.1.106), Outdoor Satellite RBS50Y (2.5.1.106), and SRR60 AC3000 (2.5.1.106). The issue is an unauthenticated disclosure via the administrative SOAP interface that can leak sensitive Wi‑Fi data, including SSIDs and PSKs. R...

7.4CVSS6.6AI score0.01568EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/06/07 12:0 a.m.7 views

The vulnerability of the microprogramming software of the Zyxel Multy X AC3000 lies in the lack of protection for the UART interface, which allows a hacker to gain access to the device with root privileges.

The vulnerability of the Zyxel Multy X AC3000 router’s microprogramming software lies in the lack of protection for the UART interface and the use of pre-installed credentials. Exploiting this vulnerability allows a malicious actor to gain access to the device with root privileges via the...

10CVSS5.5AI score0.00474EPSS
Exploits1References3
CNVD
CNVD
added 2018/04/20 12:0 a.m.4 views

Zyxel Multy X (AC3000 Tri-Band WiFi System) Device Backdoor Vulnerability

The Zyxel Multy X AC3000 Tri-Band WiFi System device is a wireless networking kit from Hopkins ZyXEL Technologies. A security vulnerability exists in the Zyxel Multy X AC3000 Tri-Band WiFi System device, which arises from the program failing to use the correct mechanism to protect the UART.An...

7.2CVSS6.8AI score0.00474EPSS
Exploits1References1
CVE
CVE
added 2018/04/01 6:0 p.m.45 views

CVE-2018-9149

The CVE-2018-9149 entry concerns Zyxel Multy X (AC3000 Tri-Band WiFi System). The vulnerability arises from an inadequate protection mechanism for the UART, enabling an attacker who physically accesses the device (after dismantling) to connect via USB-UART and log in with the root password 1234. ...

7.2CVSS6.7AI score0.00474EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder