384 matches found

Vulnrichment
added 2025/01/14 2:21 p.m. · 7 views

CVE-2024-37186

An OS command injection vulnerability exists in the adm.cgi set_ledonoff functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1 CVSS · 7.8 AI score · 0.05103 EPSS
Exploits 1 · References 1
CVE
added 2025/01/14 2:21 p.m. · 50 views

CVE-2024-37186

CVE-2024-37186 affects Wavlink AC3000 M33A8.V5030.210505. Talos details an OS command-injection in adm.cgi set_ledonoff(): an authenticated HTTP request can trigger arbitrary command execution via the led_cmd parameter, leading to high impact. Affected version and firmware: Wavlink AC3000 M33A8.V...

9.1 CVSS · 7.8 AI score · 0.05103 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2025/01/14 2:21 p.m. · 8 views

CVE-2024-39783

Multiple OS command injection vulnerabilities exist in the adm.cgi schreboot functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command...

9.1 CVSS · 7.8 AI score · 0.00599 EPSS
Exploits 1 · References 1
Cvelist
added 2025/01/14 2:21 p.m. · 6 views

CVE-2024-39359

A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1 CVSS · 0.00452 EPSS
Exploits 1 · References 1
Vulnrichment
added 2025/01/14 2:21 p.m. · 5 views

CVE-2024-39757

A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1 CVSS · 7.5 AI score · 0.00452 EPSS
Exploits 1 · References 1
CVE
added 2025/01/14 2:21 p.m. · 33 views

CVE-2024-36295

CVE-2024-36295: Talos reports a high-severity (CVSSv3 9.1) command injection in the Wavlink AC3000 (M33A8) web UI, via the qos.cgi qos_sta() path. An authenticated HTTP POST to qos_sta can cause arbitrary commands to be written/executed through the handling of POST fields, by persisting data to ...

9.1 CVSS · 7.2 AI score · 0.07891 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2025/01/14 2:21 p.m. · 4 views

CVE-2024-36295

A command execution vulnerability exists in the qos.cgi qos_sta functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1 CVSS · 7.2 AI score · 0.07891 EPSS
Exploits 1 · References 1
CVE
added 2025/01/14 2:21 p.m. · 41 views

CVE-2024-39299

The CVE-2024-39299 entry concerns a buffer overflow in Wavlink AC3000 (M33A8.V5030.210505) within qos.cgi qos_sta_settings(). Talos reports that POST data fields cli_list and cli_num are copied to a fixed-size buffer without length checks, enabling a stack-based overflow and potential arbitrary c...

9.1 CVSS · 7.2 AI score · 0.00451 EPSS
Exploits 1 · References 2 · Affected Software 1
CVE
added 2025/01/14 2:21 p.m. · 44 views

CVE-2024-38666

Cisco Talos reports CVE-2024-38666 affects Wavlink AC3000 M33A8.V5030.210505, where openvpn.cgi openvpn_client_setup() accepts POST data to write into /vendor/openvpn/client/client.ovpn, enabling arbitrary command execution when vpn_type=client and ovpn_text is provided. A specially crafted authe...

9.1 CVSS · 7.1 AI score · 0.0585 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2025/01/14 2:21 p.m. · 4 views

CVE-2024-39602

An external config control vulnerability exists in the nas.cgi set_nas functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1 CVSS · 9.3 AI score · 0.00549 EPSS
Exploits 1 · References 1
CVE
added 2025/01/14 2:21 p.m. · 42 views

CVE-2024-39794

Wavlink AC3000 (M33A8.V5030.210505) is affected by multiple external config control vulnerabilities in the nas.cgi set_nas() proftpd functionality. The issues allow configuration injection via ftp_port and related FTP settings (ftp_name, ftp_port, ftp_max_sessions, etc.) and can enable permission...

9.1 CVSS · 7.2 AI score · 0.00064 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2025/01/14 2:21 p.m. · 8 views

CVE-2024-39795

Multiple external config control vulnerabilities exist in the nas.cgi set_nas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A...

9.1 CVSS · 9.3 AI score · 0.00061 EPSS
Exploits 1 · References 1
CVE
added 2025/01/14 2:20 p.m. · 35 views

CVE-2024-39787

CVE-2024-39787 involves directory traversal in Wavlink AC3000 nas.cgi add_dir() via the disk_part parameter. The root cause is lack of validation/filtering for relative paths ("../" sequences), enabling an attacker with authenticated HTTP access to create directories with arbitrary permissions a...

9.1 CVSS · 6.8 AI score · 0.00276 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2025/01/14 2:20 p.m. · 9 views

CVE-2024-39787

Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A directory traversal...

9.1 CVSS · 9.2 AI score · 0.00276 EPSS
Exploits 1 · References 1
CVE
added 2025/01/14 2:20 p.m. · 54 views

CVE-2024-39784

CVE-2024-39784 is a confirmed command-injection vulnerability in Wavlink AC3000, affecting the NAS CGI (nas.cgi) add_dir() function. Talos reports the flaw resides in processing of the disk_part POST parameter (and related adddir_name in a parallel CVE-2024-39785 path), enabling arbitrary shell c...

9.1 CVSS · 7.7 AI score · 0.0058 EPSS
Exploits 1 · References 2 · Affected Software 1
Talos
added 2025/01/14 12:0 a.m. · 8 views

Wavlink AC3000 wireless.cgi set_wifi_basic_mesh() buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-2042: Wavlink AC3000 wireless.cgi set_wifi_basic_mesh buffer overflow vulnerability. January 14, 2025. CVE Number: CVE-2024-39603. Summary: A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh functionality of Wavlink AC3000...

9.1 CVSS · 7.8 AI score · 0.00452 EPSS
Exploits 1
Talos
added 2025/01/14 12:0 a.m. · 18 views

Wavlink AC3000 nas.cgi set_nas() samba Configuration Control Vulnerability

Talos Vulnerability Report TALOS-2024-2052: Wavlink AC3000 nas.cgi set_nas samba Configuration Control Vulnerability. January 14, 2025. CVE Number: CVE-2024-39602. Summary: An external config control vulnerability exists in the nas.cgi set_nas functionality of Wavlink AC3000 M33A8.V5030.210505. A special...

9.1 CVSS · 7.6 AI score · 0.00549 EPSS
Exploits 1
Talos
added 2025/01/14 12:0 a.m. · 8 views

Wavlink AC3000 usbip.cgi set_info() buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-2045: Wavlink AC3000 usbip.cgi set_info buffer overflow vulnerability. January 14, 2025. CVE Number: CVE-2024-36272. Summary: A buffer overflow vulnerability exists in the usbip.cgi set_info functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP...

9.1 CVSS · 7.5 AI score · 0.0083 EPSS
Exploits 1
Positive Technologies
added 2025/01/14 12:0 a.m. · 2 views

PT-2025-2579 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: Multiple buffer overflow vulnerabilities exist in the qos.cgi qos settings functionality. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an...

9.1 CVSS · 7.5 AI score · 0.00493 EPSS
Exploits 1 · References 8
CVE
added 2024/11/21 2:41 p.m. · 73 views

CVE-2024-21786

CVE-2024-21786 is an OS command injection vulnerability in MC Technologies MC LR Router 2.10.5. Cisco Talos details show the flaw resides in the web interface configuration upload path (cgi-bin/p/adm/cfg) where the request handling writes the user-supplied filename and derives file_type from the ...

7.2 CVSS · 7.3 AI score · 0.007 EPSS
Exploits 1 · References 2 · Affected Software 1