5 matches found
CVE-2024-39760
creationtimestamp| type| source ---|---|--- 2025-01-14 15:17:36+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpkbthoc22t...
CVE-2024-39760
Multiple OS command injection vulnerabilities exist in the login.cgi setsysinit functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A comman...
CVE-2024-39760
CVE-2024-39760 affects Wavlink AC3000 M33A8.V5030.210505: multiple OS command injection vulnerabilities in login.cgi set_sys_init(), triggered by unauthenticated HTTP requests. The restart_min_value parameter (and related restart_hour_value) can inject commands, potentially writing crontab entrie...
CVE-2024-39760
Multiple OS command injection vulnerabilities exist in the login.cgi setsysinit functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A comman...
Wavlink AC3000 login.cgi set_sys_init() command injection vulnerabilities
Talos Vulnerability Report TALOS-2024-2018 Wavlink AC3000 login.cgi setsysinit command injection vulnerabilities January 14, 2025 CVE Number CVE-2024-39759,CVE-2024-39761,CVE-2024-39760 SUMMARY Multiple OS command injection vulnerabilities exist in the login.cgi setsysinit functionality of Wavlin...