32 matches found
CVE-2026-30817
An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...
CVE-2026-32140
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...
EUVD-2026-11651
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...
LiteSpeed Web Server Enterprise security vulnerabilities
LiteSpeed Web Server Enterprise is a server software developed by LiteSpeed Corporation in the United States. Version 5.4.11 of LiteSpeed Web Server Enterprise contains a security vulnerability, which stems from command injection in the external application configuration interface. This...
GoCD: Information Disclosure via Logback Configuration Injection in GoCD Agent
Summary The GoCD Agent's logging mechanism Logback allows for property substitution and custom configuration loading. By default, the config directory might not exist in the installation path. However, if an attacker creates this directory and places a specially crafted agent-launcher-logback.xml...
CVE-2024-39799
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-11445)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. An external configuration control vulnerability exists in the WAVLINK AC3000, which can be exploited by attackers to cause a privilege bypass...
WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-11443)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. An external configuration control vulnerability exists in the WAVLINK AC3000, which can be exploited by attackers to cause a privilege bypass...
WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-09258)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from an external configuration control vulnerability that originates from the openvpn.cgi openvpnserversetup function's openport parameter failing to correctly filter constructed command special characters,...
WAVLINK AC3000 External Configuration Control Vulnerability
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. An external configuration control vulnerability exists in the WAVLINK AC3000, which can be exploited by attackers to cause a privilege bypass...
WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-09259)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from an external configuration control vulnerability that originates from the openvpn.cgi openvpnserversetup function's selopenprotocol parameter failing to correctly filter constructed command special...
WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-114444)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. An external configuration control vulnerability exists in the WAVLINK AC3000, which can be exploited by attackers to cause a privilege bypass...
WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-09257)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from an external configuration control vulnerability that originates from the openvpn.cgi openvpnserversetup function's selopeninterface parameter failing to correctly filter constructed command special...
WAVLINK AC3000 External Configuration Control Vulnerability
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from an external configuration control vulnerability that stems from the openvpn.cgi openvpnclientsetup function failing to properly filter construct command special characters, commands, etc. The...
CVE-2024-39800
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
CVE-2024-39795
Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
Wavlink AC3000 nas.cgi set_smb_cfg() Configuration Control Vulnerability
Talos Vulnerability Report TALOS-2024-2055 Wavlink AC3000 nas.cgi setsmbcfg Configuration Control Vulnerability January 14, 2025 CVE Number CVE-2024-39280 SUMMARY An external config control vulnerability exists in the nas.cgi setsmbcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A special...
WAVLINK AC3000 安全漏洞
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from an external configuration control vulnerability that originates from the openvpn.cgi openvpnserversetup function's openport parameter failing to correctly filter constructed command special characters,...
WAVLINK AC3000 安全漏洞
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. An external configuration control vulnerability exists in the WAVLINK AC3000, which can be exploited by attackers to cause a privilege bypass...
WAVLINK AC3000 安全漏洞
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from an external configuration control vulnerability that originates from the openvpn.cgi openvpnserversetup function's selopenprotocol parameter failing to correctly filter constructed command special...