4 matches found
CVE-2024-34166
An os command injection vulnerability exists in the touchlistsync.cgi touchlistsync functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2024-34166
An os command injection vulnerability exists in the touchlistsync.cgi touchlistsync functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2024-34166
CVE-2024-34166 affects Wavlink AC3000 M33A8.V5030.210505. The vulnerability is an OS command injection in the touchlist_sync.cgi touchlistsync() function, exploited by a specially crafted HTTP request to trigger arbitrary code execution. Cisco Talos (TALOS-2024-2000) documents a high/severe impac...
Wavlink AC3000 touchlist_sync.cgi touchlistsync() command injection vulnerability
Talos Vulnerability Report TALOS-2024-2000 Wavlink AC3000 touchlistsync.cgi touchlistsync command injection vulnerability January 14, 2025 CVE Number CVE-2024-34166 SUMMARY An os command injection vulnerability exists in the touchlistsync.cgi touchlistsync functionality of Wavlink AC3000...