384 matches found
CVE-2024-39280
An external config control vulnerability exists in the nas.cgi setsmbcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-37184
A buffer overflow vulnerability exists in the adm.cgi repasbridge functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-37357
A buffer overflow vulnerability exists in the adm.cgi setTR069 functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-37357
A buffer overflow vulnerability exists in the adm.cgi setTR069 functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-36295
A command execution vulnerability exists in the qos.cgi qossta functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39765
Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39288
CVE-2024-39288 has concrete details in the TALOS advisory: a buffer overflow in the Wavlink AC3000 router’s internet.cgi set_add_routing() function (M33A8.V5030.210505). An authenticated HTTP request can craft input that overflows a stack buffer, allowing arbitrary code execution or a crash. Affe...
CVE-2024-39769
CVE-2024-39769 affects Wavlink AC3000, specifically the internet.cgi set_qos() function. The vulnerability is a stack-based buffer overflow in the cli_mac POST parameter (and related cli_name/en_enable issues described in the TALOS report), exploitable via authenticated HTTP requests. Impact stat...
CVE-2024-39769
Multiple buffer overflow vulnerabilities exist in the internet.cgi setqos functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This...
CVE-2024-39768
Multiple buffer overflow vulnerabilities exist in the internet.cgi setqos functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This...
CVE-2024-39756
A buffer overflow vulnerability exists in the adm.cgi repasrouter functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39294
A buffer overflow vulnerability exists in the adm.cgi setwzdgw4G functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-37184
A buffer overflow vulnerability exists in the adm.cgi repasbridge functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39358
CVE-2024-39358 affects Wavlink AC3000 M33A8.V5030.210505. Talos details a stack-based buffer overflow in adm.cgi (set_wzap/set_wzdap path) triggered by an authenticated HTTP request, enabling arbitrary code execution. The advisory confirms vulnerable versions and provides exploit behavior; vendor...
CVE-2024-37357
CVE-2024-37357 : Talos and Red Hat/NVD entries describe a stack-based buffer overflow in the Wavlink AC3000 adm.cgi set_TR069() functionality (M33A8.V5030.210505). An authenticated HTTP POST can trigger a long input that overwrites the return address after TR069_local_port is copied to the heap, ...
CVE-2024-37357
A buffer overflow vulnerability exists in the adm.cgi setTR069 functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39774
CVE-2024-39774 is a buffer overflow in Wavlink AC3000's adm.cgi set_sys_adm() function (M33A8.V5030.210505). An authenticated HTTP request can trigger a stack-based overflow, potentially enabling code execution or impact to privacy, integrity, and availability per TALOS findings (CVSSv3 9.1/CRITI...
CVE-2024-39774
A buffer overflow vulnerability exists in the adm.cgi setsysadm functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39774
A buffer overflow vulnerability exists in the adm.cgi setsysadm functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39370
An arbitrary code execution vulnerability exists in the adm.cgi setMeshAp functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...