16591 matches found
CVE-2024-39770
Multiple buffer overflow vulnerabilities exist in the internet.cgi setqos functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This...
CVE-2024-39770
Multiple buffer overflow vulnerabilities exist in the internet.cgi setqos functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This...
CVE-2024-39768
Multiple buffer overflow vulnerabilities exist in the internet.cgi setqos functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This...
CVE-2024-39768
CVE-2024-39768 affects the Wavlink AC3000 router (M33A8.V5030.210505) via the internet.cgi set_qos() function. The vulnerability is a stack-based buffer overflow in the POST parameter cli_name , where unbounded strcat writes into a 0x400-byte stack buffer. An authenticated HTTP request can trigge...
CVE-2024-39769
CVE-2024-39769 affects Wavlink AC3000, specifically the internet.cgi set_qos() function. The vulnerability is a stack-based buffer overflow in the cli_mac POST parameter (and related cli_name/en_enable issues described in the TALOS report), exploitable via authenticated HTTP requests. Impact stat...
CVE-2024-39367
An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39756
A buffer overflow vulnerability exists in the adm.cgi repasrouter functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39756
A buffer overflow vulnerability exists in the adm.cgi repasrouter functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-37184
A buffer overflow vulnerability exists in the adm.cgi repasbridge functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-37184
A buffer overflow vulnerability exists in the adm.cgi repasbridge functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39294
Affected software / component: Wavlink AC3000, model M33A8.V5030.210505; vulnerable function in adm.cgi set_wzdgw4G(). Root cause & vulnerability type: Buffer overflow caused by missing length checks when handling POST data in set_wzdgw4G(), allowing stack-based overflow. Impact (as stated): Pote...
CVE-2024-39294
A buffer overflow vulnerability exists in the adm.cgi setwzdgw4G functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-37184
Summary: CVE-2024-37184 affects the Wavlink AC3000 (M33A8.V5030.210505) in the adm.cgi rep_as_bridge() path. The vulnerability is a stack-based buffer overflow caused by missing length checks when handling input from the wl_rep_ssid2g POST parameter, which can overwrite the return address. An aut...
CVE-2024-39358
A buffer overflow vulnerability exists in the adm.cgi setwzap functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39358
A buffer overflow vulnerability exists in the adm.cgi setwzap functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39358
CVE-2024-39358 affects Wavlink AC3000 M33A8.V5030.210505. Talos details a stack-based buffer overflow in adm.cgi (set_wzap/set_wzdap path) triggered by an authenticated HTTP request, enabling arbitrary code execution. The advisory confirms vulnerable versions and provides exploit behavior; vendor...
CVE-2024-21797
A command execution vulnerability exists in the adm.cgi setTR069 functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-21797
A command execution vulnerability exists in the adm.cgi setTR069 functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-37357
A buffer overflow vulnerability exists in the adm.cgi setTR069 functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-37357
CVE-2024-37357 : Talos and Red Hat/NVD entries describe a stack-based buffer overflow in the Wavlink AC3000 adm.cgi set_TR069() functionality (M33A8.V5030.210505). An authenticated HTTP POST can trigger a long input that overwrites the return address after TR069_local_port is copied to the heap, ...