WAVLINK WL-NU516U1 安全漏洞

WAVLINK WL-NU516U1 is a wireless print server from China Ruiyin WAVLINK. A security vulnerability exists in the Wavlink WL-NU516U1 version 240425, which originates from the incorrect operation of the parameter ipaddr in the file /cgi-bin/login.cgi, which could lead to a remote os command injectio...

Wavlink WL-WN578W2 sub_401340 function command injection vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter ipaddr in the sub401340 function of the file /cgi-bin/login.cgi that fails to correctly filter the constructor...

CVE-2025-10325 Wavlink WL-WN578W2 login.cgi sub_401BA4 command injection

A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub401340/sub401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...

CVE-2025-10325

CVE-2025-10325 affects Wavlink WL-WN578W2 (firmware 221110). The vulnerability centers on the sub_401340/sub_401BA4 function in /cgi-bin/login.cgi, where improper handling of the ipaddr parameter enables remote command injection. Public PoC/exploits exist, and multiple feeds confirm remote execut...

Wavlink WL-WN578W2 命令注入漏洞

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter ipaddr in the sub401340 function of the file /cgi-bin/login.cgi that fails to correctly filter the constructor...

PT-2025-37345

Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN578W2 version 221110 Description: A vulnerability exists in the Wavlink WL-WN578W2 router. The issue is located in the /cgi-bin/login.cgi file, specifically within the sub 401340/sub 401BA4 function. Manipulation of the ipaddr...

CVE-2025-5408

The CVE-2025-5408 issue affects WAVLINK QUANTUM D2G/D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3, and WL-WN576K1 (versions up to V1410_240222). The vulnerability is in the function sys_login of /cgi-bin/login.cgi within the HTTP POST Request Handler, where manipulation of the login_page argument tri...

CVE-2025-5228 D-Link DI-8100 jhttpd login.cgi httpd_get_parm stack-based overflow

A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpdgetparm of the file /login.cgi of the component jhttpd. The manipulation of the argument notify leads to stack-based buffer overflow. The attack can only be initiated with...

D-Link DI-8100 安全漏洞

The D-Link DI-8100 is a wireless broadband router designed for small to medium-sized network environments from China's D-Link. The D-Link DI-8100 suffers from a buffer overflow vulnerability that originates from the parameter notify in the file /login.cgi that fails to correctly validate the leng...

CVE-2021-36708

In ProLink PRC2402M V1.0.18 and older, the setsysinit function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router...

The vulnerability of the set_lang_CountryCode() function in the login.cgi script of the Wavlink AC3000 (WL-WN533A8) router microprogramming system allows a hacker to perform cross-site scripting attacks and gain unauthorized access to protected information.

The vulnerability of the setlangCountryCode function in the login.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the failure to remove scipt-related HTML tags from web pages when processing the langue parameter. Exploiting this vulnerability can allow an...

WAVLINK AC3000 login.cgi restart_hour_value parameter command injection vulnerability in set_sys_init function

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the restarthourvalue parameter of the login.cgi setsysinit function failing to correctly filter the constructor command specia...

WAVLINK AC3000 login.cgi Goto_chidx function buffer overflow vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the login.cgi Gotochidx function failing to correctly validate the length of the input data, and can be exploited by a remo...

WAVLINK AC3000 login.cgi restart_min_value parameter command injection vulnerability in set_sys_init function

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the restartminvalue parameter of the login.cgi setsysinit function failing to correctly filter the constructor command special...

CVE-2024-39761

Multiple OS command injection vulnerabilities exist in the login.cgi setsysinit functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A comman...

CVE-2024-39759

Multiple OS command injection vulnerabilities exist in the login.cgi setsysinit functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A comman...

CVE-2024-39760

Multiple OS command injection vulnerabilities exist in the login.cgi setsysinit functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A comman...

CVE-2024-39608

A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability...

CVE-2024-36290

A buffer overflow vulnerability exists in the login.cgi Gotochidx functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

WAVLINK AC3000 命令注入漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the restarthourvalue parameter of the login.cgi setsysinit function failing to correctly filter the constructor command specia...