32 matches found
EUVD-1999-0305
Malware in sbrugna...
EUVD-2025-22954
Malicious code in bioql PyPI...
EUVD-2024-38385
Malicious code in bioql PyPI...
CVE-2025-54765
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include...
CVE-2025-54765 KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include...
CVE-2024-13947 External System or Configuration Control
Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-09258)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from an external configuration control vulnerability that originates from the openvpn.cgi openvpn_server_setup function's open_port parameter failing to correctly filter constructed command special characters,...
WAVLINK AC3000 External Configuration Control Vulnerability
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. An external configuration control vulnerability exists in the WAVLINK AC3000, which can be exploited by attackers to cause a privilege bypass...
WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-09259)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from an external configuration control vulnerability that originates from the openvpn.cgi openvpn_server_setup function's selopenprotocol parameter failing to correctly filter constructed command special...
WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-11441)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. An external configuration control vulnerability exists in the WAVLINK AC3000, which can be exploited by attackers to cause a privilege bypass...
CVE-2024-39800
Multiple external config control vulnerabilities exist in the openvpn.cgi openvpn_server_setup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
CVE-2024-39794
Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A...
CVE-2024-39795
Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A...
CVE-2024-39800
CVE-2024-39800 affects WAVLINK AC3000 (openvpn.cgi openvpn_server_setup). Talos details multiple external config control vulnerabilities in openvpn_server_setup, where an authenticated HTTP request can trigger injection of parameters (sel_open_server_val, open_port, open_server_name, sel_open_int...
CVE-2024-39280
An external config control vulnerability exists in the nas.cgi set_smb_cfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39789
CVE-2024-39789 affects Wavlink AC3000 (M33A8.V5030.210505) via nas.cgi set_ftp_cfg() with multiple external config control flaws. The TALOS write-up details vulnerability in the FTP config flow (ftp_name, ftp_port, ftp_max_sessions, ftp_adddir, ftp_anonymous, ftp_read/write/download/upload) store...
Wavlink AC3000 openvpn.cgi openvpn_client_setup() Configuration Control Vulnerability
Talos Vulnerability Report TALOS-2024-2051: Wavlink AC3000 openvpn.cgi openvpn_client_setup Configuration Control Vulnerability. January 14, 2025. CVE Number: CVE-2024-38666. SUMMARY: An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup functionality of Wavlink AC3000...
WAVLINK AC3000 Security Vulnerability
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. An external configuration control vulnerability exists in the WAVLINK AC3000, which can be exploited by attackers to cause a privilege bypass...
WAVLINK AC3000 Security Vulnerability
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. An external configuration control vulnerability exists in the WAVLINK AC3000, which can be exploited by attackers to cause a privilege bypass...
Wavlink AC3000 nas.cgi set_smb_cfg() Configuration Control Vulnerability
Talos Vulnerability Report TALOS-2024-2055: Wavlink AC3000 nas.cgi set_smb_cfg Configuration Control Vulnerability. January 14, 2025. CVE Number: CVE-2024-39280. SUMMARY: An external config control vulnerability exists in the nas.cgi set_smb_cfg functionality of Wavlink AC3000 M33A8.V5030.210505. A special...