CVE-2024-36272

A buffer overflow vulnerability exists in the usbip.cgi setinfo functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-36290

A buffer overflow vulnerability exists in the login.cgi Gotochidx functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVE-2024-39768

CVE-2024-39768 affects the Wavlink AC3000 router (M33A8.V5030.210505) via the internet.cgi set_qos() function. The vulnerability is a stack-based buffer overflow in the POST parameter cli_name , where unbounded strcat writes into a 0x400-byte stack buffer. An authenticated HTTP request can trigge...

CVE-2024-39774

A buffer overflow vulnerability exists in the adm.cgi setsysadm functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-39774

CVE-2024-39774 is a buffer overflow in Wavlink AC3000's adm.cgi set_sys_adm() function (M33A8.V5030.210505). An authenticated HTTP request can trigger a stack-based overflow, potentially enabling code execution or impact to privacy, integrity, and availability per TALOS findings (CVSSv3 9.1/CRITI...

CVE-2024-39357

CVE-2024-39357 describes a stack-based buffer overflow in the Wavlink AC3000 wireless.cgi SetName() functionality. TALOS confirms affected device: Wavlink AC3000 M33A8.V5030.210505, where input from the POST parameter NewName is copied to the heap with no length check and then to the stack via st...

CVE-2024-39357

A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-36493

A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasic functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-39359

A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-39603

A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasicmesh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-39603

A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasicmesh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-39757

A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-39299

A buffer overflow vulnerability exists in the qos.cgi qosstasettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-39299

A buffer overflow vulnerability exists in the qos.cgi qosstasettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-35276

A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1...

PT-2025-2536 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A buffer overflow vulnerability exists in the set wzdgw4G function of adm.cgi. This issue can be triggered by a specially crafted HTTP request, leading to a stack-based buffer overflow. A...

Wavlink AC3000 adm.cgi rep_as_bridge() buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-2025 Wavlink AC3000 adm.cgi repasbridge buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-37184 SUMMARY A buffer overflow vulnerability exists in the adm.cgi repasbridge functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted...

PT-2025-2452 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: A stack-based buffer overflow vulnerability exists in the set wifi basic function within the wireless.cgi component. A specially crafted HTTP request can lead to arbitrary command execution. An...

Wavlink AC3000 qos.cgi qos_settings() buffer overflow vulnerabilities

Talos Vulnerability Report TALOS-2024-2049 Wavlink AC3000 qos.cgi qossettings buffer overflow vulnerabilities January 14, 2025 CVE Number CVE-2024-39803,CVE-2024-39801,CVE-2024-39802 SUMMARY Multiple buffer overflow vulnerabilities exist in the qos.cgi qossettings functionality of Wavlink AC3000...

Wavlink AC3000 usbip.cgi set_info() buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-2045 Wavlink AC3000 usbip.cgi setinfo buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-36272 SUMMARY A buffer overflow vulnerability exists in the usbip.cgi setinfo functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP...